libmongocrypt-helper 1.12.0.0.1001 → 1.14.0.0.1001
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/ext/libmongocrypt/libmongocrypt/CHANGELOG.md +27 -0
- data/ext/libmongocrypt/libmongocrypt/CMakeLists.txt +15 -1
- data/ext/libmongocrypt/libmongocrypt/CODEOWNERS +3 -3
- data/ext/libmongocrypt/libmongocrypt/CONTRIBUTING.md +14 -0
- data/ext/libmongocrypt/libmongocrypt/Earthfile +50 -50
- data/ext/libmongocrypt/libmongocrypt/README.md +8 -17
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CHANGELOG.rst +13 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/CONTRIBUTING.md +34 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/README.rst +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/asynchronous/state_machine.py +6 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/binding.py +57 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/mongocrypt.py +40 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/options.py +14 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/synchronous/state_machine.py +6 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/pymongocrypt/version.py +1 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/sbom.json +8 -8
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/libmongocrypt-version.txt +1 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{release.sh → scripts/release.sh} +9 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/python/{synchro.py → scripts/synchro.py} +16 -9
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/synchro.sh +8 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update-version.sh +27 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/scripts/update_binding.py +78 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/compact/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/data/encrypted-field-config-map.json +0 -2
- data/ext/libmongocrypt/libmongocrypt/bindings/python/test/test_mongocrypt.py +26 -11
- data/ext/libmongocrypt/libmongocrypt/cmake/FetchMongoC.cmake +4 -2
- data/ext/libmongocrypt/libmongocrypt/cmake/ImportBSON.cmake +3 -5
- data/ext/libmongocrypt/libmongocrypt/doc/releasing.md +37 -43
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version.py +39 -13
- data/ext/libmongocrypt/libmongocrypt/etc/calc_release_version_selftest.sh +1 -1
- data/ext/libmongocrypt/libmongocrypt/etc/cyclonedx.sbom.json +9 -9
- data/ext/libmongocrypt/libmongocrypt/etc/format.sh +0 -2
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-in-functions.patch +158 -0
- data/ext/libmongocrypt/libmongocrypt/etc/libbson-remove-GCC-diagnostic-pragma.patch +3 -3
- data/ext/libmongocrypt/libmongocrypt/etc/purls.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/integrating.md +42 -11
- data/ext/libmongocrypt/libmongocrypt/kms-message/CMakeLists.txt +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.c +5 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/hexlify.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_azure_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_crypto_windows.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_gcp_request.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_reader_writer.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_kmip_request.c +1 -2
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_message_private.h +7 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request.c +4 -4
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_opt.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.c +2 -8
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_request_str.h +9 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/kms_response_parser.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.c +7 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/src/sort.h +2 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kmip_reader_writer.c +13 -6
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_assert.h +29 -11
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_azure_online.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_gcp_online.c +4 -4
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_request.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response.c +3 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_kmip_response_parser.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_online_util.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/kms-message/test/test_kms_request.c +50 -48
- data/ext/libmongocrypt/libmongocrypt/src/crypto/libcrypto.c +235 -65
- data/ext/libmongocrypt/libmongocrypt/src/crypto/none.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/csfle-markup.cpp +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-dec128.test.cpp +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc-private.h +6 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-efc.c +44 -12
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle-blob-subtype-private.h +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder-private.h +89 -8
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-encryption-placeholder.c +346 -131
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload-v2.c +6 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-equality-payload.c +6 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-private-v2.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload-v2.c +25 -26
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-range-payload.c +2 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload-private.h +122 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-find-text-payload.c +477 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-private-v2.h +35 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload-v2.c +193 -44
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-insert-update-payload.c +6 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-private-v2.h +105 -7
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev-v2.c +386 -74
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-iev.c +13 -10
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-payload-uev-common.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-rfds.c +7 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block-private.h +7 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-fle2-tag-and-encrypted-metadata-block.c +21 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-optional-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/benchmarks/build.gradle.kts → src/mc-parse-utils-private.h} +10 -11
- data/ext/libmongocrypt/libmongocrypt/src/mc-parse-utils.c +48 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation-private.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-edge-generation.c +15 -20
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding-private.h +4 -6
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-encoding.c +9 -18
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-generator.template.h +4 -5
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover-private.h +5 -9
- data/ext/libmongocrypt/libmongocrypt/src/mc-range-mincover.c +14 -19
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts-private.h +2 -4
- data/ext/libmongocrypt/libmongocrypt/src/mc-rangeopts.c +109 -119
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader-private.h +2 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-reader.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker-private.h +123 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-schema-broker.c +1065 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets-private.h +95 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-str-encode-string-sets.c +304 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode-private.h +52 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-text-search-str-encode.c +324 -0
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens-private.h +130 -2
- data/ext/libmongocrypt/libmongocrypt/src/mc-tokens.c +159 -3
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mc-writer.c +4 -2
- data/ext/libmongocrypt/libmongocrypt/src/mlib/error.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.h +12 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/int128.test.cpp +5 -0
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.h +5 -5
- data/ext/libmongocrypt/libmongocrypt/src/mlib/path.test.c +2 -5
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.h +65 -58
- data/ext/libmongocrypt/libmongocrypt/src/mlib/str.test.c +3 -3
- data/ext/libmongocrypt/libmongocrypt/src/mlib/thread.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/user-check.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mlib/windows-lean.h +2 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer-private.h +11 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-buffer.c +36 -3
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-cache-collinfo.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ciphertext-private.h +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto-private.h +4 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-crypto.c +29 -25
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-datakey.c +3 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-decrypt.c +14 -7
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-encrypt.c +463 -900
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-private.h +5 -19
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx-rewrap-many-datakey.c +12 -0
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-ctx.c +5 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-dll-private.h +19 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-key-broker.c +9 -9
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-kms-ctx.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking-private.h +3 -4
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-marking.c +773 -584
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts-private.h +0 -6
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-opts.c +0 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-private.h +8 -13
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-traverse-util.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt-util.c +7 -2
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.c +53 -40
- data/ext/libmongocrypt/libmongocrypt/src/mongocrypt.h +17 -0
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_dll.c +5 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_posix/os_mutex.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_dll.c +3 -1
- data/ext/libmongocrypt/libmongocrypt/src/os_win/os_mutex.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/src/unicode/case-fold-map.c +1434 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/diacritic-fold-map.c +2884 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.c +139 -0
- data/ext/libmongocrypt/libmongocrypt/src/unicode/fold.h +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/crypt_shared-stub.cpp +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/unencrypted/payload.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/missing-key-id/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/no-fields/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/collinfo.json +1 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/anchor-pad/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/missing-key-id/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-fields/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-field-config-map.json +6 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload-range-v2.json +20 -21
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/omitted/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_empty/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/dollardb/preserved_fle1/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-extraField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-missingKeyId.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-badVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField-goodVersionSet.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-oneField.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-badVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields-goodVersionSet.json +48 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-textSearchFields.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/efc/efc-twoFields.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/encrypted-field-config-map.json +1 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1DeterministicEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE1RandomEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2EncryptionPlaceholder.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2FindEqualityPayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedEqualityEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2IndexedRangeEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayload-RangeV1.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/insert-indexed.json → explicit-decrypt/FLE2InsertUpdatePayload.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV1.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2-RangeV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2InsertUpdatePayloadV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValue.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/explicit-decrypt/FLE2UnindexedEncryptedValueV2.json +8 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/find-with-encryptionInformation.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-csfle/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-explain/with-mongocryptd/collinfo.json +2 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-collinfo.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-bad-str-encode-version/bad-create-cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/int32/encrypted-field-map.json → fle2-bad-str-encode-version/bad-encrypted-field-config-map.json} +7 -12
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-bad-str-encode-version}/encrypted-payload.json +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/encrypted-field-config-map.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd-to-mongocryptd.json +44 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/cmd.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-equality/encrypted-field-map.json → fle2-create-encrypted-collection/encrypted-field-config-map.json} +9 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/encrypted-payload.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection/mongocryptd-reply.json +50 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/cmd-to-mongocryptd.json +45 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-encrypted-fields-unset-str-encode-version/mongocryptd-reply.json +51 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/cmd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +25 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +52 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload-v2.json +57 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/mongocryptd-reply.json +63 -64
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-field-config-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload-v2.json +64 -66
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/mongocryptd-reply.json +69 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/collinfo.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-csfle/encrypted-payload.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/cmd-to-mongocryptd.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/collinfo.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/encrypted-payload.json +2 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explain/with-mongocryptd/mongocryptd-reply.json +1 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/cmd-to-mongod.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-explicit/reply-from-mongocryptd.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision-v2/mongocryptd-reply.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision-v2/encrypted-payload.json +14 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision-v2/encrypted-payload.json +14 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-field-map.json +0 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/encrypted-payload.json +3 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-field-map.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/encrypted-payload.json +6 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64-v2/mongocryptd-reply.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload-v2.json +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double → fle2-insert-text-search}/encrypted-field-map.json +10 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-find-range/double-precision → fle2-insert-text-search-with-str-encode-version}/encrypted-field-map.json +12 -13
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/encrypted-payload.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-text-search-with-str-encode-version/mongocryptd-reply.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/cmd.json +9 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/encrypted-field-map.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-v2-with-str-encode-version/encrypted-payload.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-v2-with-str-encode-version}/mongocryptd-reply.json +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd-to-mongocryptd.json +55 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/cmd.json +22 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-field-config-map.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection/mongocryptd-reply.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd-to-mongocryptd.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/cmd.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-field-config-map.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/encrypted-payload.json +23 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-text-search-create-encrypted-collection-with-str-encode-version/mongocryptd-reply.json +62 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneText.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/iev-v2/FLECrudTest-insertOneTextLarge.json +930 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-facet/cmd.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/collection-info.json → test/data/lookup/csfle-mismatch/collInfo-c1.json} +13 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-mismatch/collInfo-c3.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-nested/cmd.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-only-schemaMap/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd-to-mongocryptd.json +60 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-schemaMap/schemaMap.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd-to-mongocryptd.json +34 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-self/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd-to-mongocryptd.json +49 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/collInfo-c2.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-sibling/reply-from-mongocryptd.json +18 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-unionWith/cmd.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/csfle-view/collInfo-v1.json +11 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/{bindings/java/mongocrypt/src/test/resources/keys/ABCDEFAB123498761234123456789012-local-document.json → test/data/lookup/mixed/csfle/csfle/key-doc.json} +4 -4
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/no-schema/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c1.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/csfle/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongocryptd.json +47 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd-to-mongod.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/csfle/reply-from-mongocryptd.json +33 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongocryptd.json +29 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd-to-mongod.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/no-schema/reply-from-mongocryptd.json +26 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd-to-mongod.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c1.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/no-schema/qe/reply-from-mongocryptd.json +65 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd-to-mongocryptd.json +70 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/csfle/collInfo-c2.json +39 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongocryptd.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd-to-mongod.json +56 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/collInfo-c2.json +17 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/no-schema/reply-from-mongocryptd.json +63 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/mixed/qe/qe/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongocryptd.json +61 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd-to-mongod.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/cmd.json +14 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe/reply-from-mongocryptd.json +68 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd-to-mongod.json +71 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert-unindexed/encrypted-field-map.json → lookup/qe-encryptedFieldsMap/encryptedFieldsMap.json} +6 -7
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-encryptedFieldsMap/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongocryptd.json +46 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd-to-mongod.json +53 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-self/reply-from-mongocryptd.json +58 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongocryptd.json +66 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd-to-mongod.json +75 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/cmd.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c1.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/collInfo-c2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/key-doc.json +30 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/lookup/qe-with-payload/reply-from-mongocryptd.json +78 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-create/mongocryptd-ismaster.json → mongocryptd-ismaster-17.json} +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/data/mongocryptd-ismaster-26.json +12 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-encryptedFields2.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-jsonSchema.json +43 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/collinfo-noSchema.json +21 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/create-with-jsonSchema.json +24 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFields2.json +20 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/encryptedFieldsMap.json +42 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/jsonSchema2.json +19 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/schema-broker/schemaMap.json +40 -0
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/mc.json +36 -2
- data/ext/libmongocrypt/libmongocrypt/test/data/tokens/server.json +36 -2
- data/ext/libmongocrypt/libmongocrypt/test/example-state-machine.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-dll.cpp +11 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-gcp-auth.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-efc.c +74 -6
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-encryption-placeholder.c +457 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-equality-payload-v2.c +20 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-range-payload-v2.c +2 -18
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-find-text-payload.c +320 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev-v2.c +286 -24
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iev.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup-v2.c +24 -17
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-iup.c +24 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-payload-uev.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-rfds.c +10 -7
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-fle2-tag-and-encrypted-metadata-block.c +36 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-edge-generation.c +12 -17
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-encoding.c +58 -63
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-range-mincover.c +69 -85
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-rangeopts.c +7 -22
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-reader.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-schema-broker.c +1124 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-text-search-str-encode.c +1336 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-tokens.c +165 -37
- data/ext/libmongocrypt/libmongocrypt/test/test-mc-writer.c +10 -10
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert-match-bson.c +16 -21
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-assert.h +55 -26
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-buffer.c +29 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cache.c +5 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ciphertext.c +13 -13
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-cleanup.c +49 -55
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-compact.c +64 -67
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-hooks.c +19 -19
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto-std-hooks.c +4 -0
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-crypto.c +41 -10
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-csfle-lib.c +33 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-decrypt.c +247 -149
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-encrypt.c +1342 -1229
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-rewrap-many-datakey.c +28 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-ctx-setopt.c +50 -91
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-datakey.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-dll.c +7 -4
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-endpoint.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kek.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-key-cache.c +9 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-ctx.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-kms-responses.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-local-kms.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-log.c +2 -2
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-marking.c +1101 -161
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt-status.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.c +157 -82
- data/ext/libmongocrypt/libmongocrypt/test/test-mongocrypt.h +38 -6
- data/ext/libmongocrypt/libmongocrypt/test/test-named-kms-providers.c +11 -11
- data/ext/libmongocrypt/libmongocrypt/test/test-unicode-fold.c +101 -0
- data/ext/libmongocrypt/libmongocrypt/test/util/HELP.autogen +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/csfle.c +1 -1
- data/ext/libmongocrypt/libmongocrypt/test/util/util.c +5 -5
- data/ext/libmongocrypt/libmongocrypt/test/util/util.h +7 -6
- data/lib/libmongocrypt_helper/version.rb +2 -2
- metadata +219 -165
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/README.md +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/java/com/mongodb/crypt/benchmark/BenchmarkRunner.java +0 -217
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/benchmarks/src/main/resources/keyDocument.json +0 -24
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/build.gradle.kts +0 -354
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradle/wrapper/gradle-wrapper.properties +0 -5
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew +0 -234
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/gradlew.bat +0 -89
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/settings.gradle.kts +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/BinaryHolder.java +0 -45
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPI.java +0 -1165
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CAPIHelper.java +0 -96
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/CipherCallback.java +0 -92
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/DisposableMemory.java +0 -31
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/JULLogger.java +0 -130
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Logger.java +0 -144
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/Loggers.java +0 -50
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MacCallback.java +0 -60
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MessageDigestCallback.java +0 -55
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoAwsKmsProviderOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypt.java +0 -100
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContext.java +0 -137
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptContextImpl.java +0 -164
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptException.java +0 -67
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptImpl.java +0 -423
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCryptOptions.java +0 -284
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoCrypts.java +0 -38
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoDataKeyOptions.java +0 -125
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoExplicitEncryptOptions.java +0 -227
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptor.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoKeyDecryptorImpl.java +0 -105
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoLocalKmsProviderOptions.java +0 -83
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/MongoRewrapManyDataKeyOptions.java +0 -104
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SLF4JLogger.java +0 -110
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SecureRandomCallback.java +0 -51
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/SigningRSAESPKCSCallback.java +0 -76
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/java/com/mongodb/crypt/capi/package-info.java +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/jni-config.json +0 -180
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/main/resources/META-INF/native-image/reflect-config.json +0 -134
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/java/com/mongodb/crypt/capi/MongoCryptTest.java +0 -389
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command-reply.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/command.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command-reply.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-command.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/encrypted-value.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/rangeopts.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/fle2-find-range-explicit-v2/int32/value-to-encrypt.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/json-schema.json +0 -15
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-document.json +0 -36
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter-keyAltName.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/key-filter.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/kms-reply.txt +0 -6
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/list-collections-filter.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-command.json +0 -22
- data/ext/libmongocrypt/libmongocrypt/bindings/java/mongocrypt/src/test/resources/mongocryptd-reply.json +0 -18
- data/ext/libmongocrypt/libmongocrypt/bindings/python/libmongocrypt-version.txt +0 -1
- data/ext/libmongocrypt/libmongocrypt/bindings/python/strip_header.py +0 -50
- data/ext/libmongocrypt/libmongocrypt/bindings/python/update-sbom.sh +0 -14
- data/ext/libmongocrypt/libmongocrypt/etc/silk-create-asset-group.sh +0 -70
- data/ext/libmongocrypt/libmongocrypt/test/data/bulkWrite/jsonSchema/cmd.json +0 -20
- data/ext/libmongocrypt/libmongocrypt/test/data/cleanup/success/encrypted-payload.json +0 -29
- data/ext/libmongocrypt/libmongocrypt/test/data/collection-info-no-schema.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/no-range/encrypted-field-config-map.json +0 -47
- data/ext/libmongocrypt/libmongocrypt/test/data/compact/success/encrypted-payload.json +0 -29
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle1-collMod/insert/collinfo.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-create/ismaster-to-mongocryptd.json +0 -3
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/empty/encrypted-payload.json +0 -91
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-delete/success/encrypted-payload.json +0 -98
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/find-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-contentionFactor1.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-explicit/insert-indexed-same-user-and-index-key.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/encrypted-payload.json +0 -41
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-equality/mongocryptd-reply.json +0 -19
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/cmd.json +0 -10
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/date/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/cmd.json +0 -6
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/encrypted-payload.json +0 -51
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/decimal128-precision/mongocryptd-reply.json +0 -59
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/double-precision/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int32/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/cmd.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/encrypted-payload.json +0 -42
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range/int64/mongocryptd-reply.json +0 -50
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/double-precision/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32/encrypted-payload.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -26
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-find-range-explicit/int32-openinterval/encrypted-payload.json +0 -16
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/cmd.json +0 -13
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/date/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/encrypted-payload.json +0 -54
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/decimal128-precision/mongocryptd-reply.json +0 -62
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-field-map.json +0 -31
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/encrypted-payload.json +0 -48
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/double-precision/mongocryptd-reply.json +0 -56
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int32/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/cmd.json +0 -11
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-field-map.json +0 -28
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/encrypted-payload.json +0 -45
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range/int64/mongocryptd-reply.json +0 -53
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/double-precision/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/int32-nominmax/encrypted-payload-v2.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-range-explicit/sparsity-2/encrypted-payload.json +0 -8
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/cmd.json +0 -9
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/encrypted-payload.json +0 -14
- data/ext/libmongocrypt/libmongocrypt/test/data/fle2-insert-unindexed/mongocryptd-reply.json +0 -46
- data/ext/libmongocrypt/libmongocrypt/test/data/schema.json +0 -19
- /data/ext/libmongocrypt/libmongocrypt/bindings/python/{build-manylinux-wheel.sh → scripts/build-manylinux-wheel.sh} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-explicit/find-indexed.json → explicit-decrypt/FLE2FindEqualityPayload.json} +0 -0
- /data/ext/libmongocrypt/libmongocrypt/test/data/{fle2-insert → fle2-insert-text-search-with-str-encode-version}/cmd.json +0 -0
@@ -14,12 +14,14 @@
|
|
14
14
|
* limitations under the License.
|
15
15
|
*/
|
16
16
|
|
17
|
+
#include "bson/bson.h"
|
17
18
|
#include "mc-fle-blob-subtype-private.h"
|
18
19
|
#include "mc-fle2-encryption-placeholder-private.h"
|
19
20
|
#include "mc-fle2-find-equality-payload-private-v2.h"
|
20
21
|
#include "mc-fle2-find-equality-payload-private.h"
|
21
22
|
#include "mc-fle2-find-range-payload-private-v2.h"
|
22
23
|
#include "mc-fle2-find-range-payload-private.h"
|
24
|
+
#include "mc-fle2-find-text-payload-private.h"
|
23
25
|
#include "mc-fle2-insert-update-payload-private-v2.h"
|
24
26
|
#include "mc-fle2-insert-update-payload-private.h"
|
25
27
|
#include "mc-fle2-payload-uev-private.h"
|
@@ -28,6 +30,8 @@
|
|
28
30
|
#include "mc-range-edge-generation-private.h"
|
29
31
|
#include "mc-range-encoding-private.h"
|
30
32
|
#include "mc-range-mincover-private.h"
|
33
|
+
#include "mc-str-encode-string-sets-private.h"
|
34
|
+
#include "mc-text-search-str-encode-private.h"
|
31
35
|
#include "mc-tokens-private.h"
|
32
36
|
#include "mongocrypt-buffer-private.h"
|
33
37
|
#include "mongocrypt-ciphertext-private.h"
|
@@ -62,7 +66,7 @@ _mongocrypt_marking_parse_fle1_placeholder(const bson_t *in, _mongocrypt_marking
|
|
62
66
|
BSON_ASSERT(field);
|
63
67
|
if (0 == strcmp("ki", field)) {
|
64
68
|
has_ki = true;
|
65
|
-
if (!_mongocrypt_buffer_from_uuid_iter(&out->key_id, &iter)) {
|
69
|
+
if (!_mongocrypt_buffer_from_uuid_iter(&out->u.fle1.key_id, &iter)) {
|
66
70
|
CLIENT_ERR("key id must be a UUID");
|
67
71
|
return false;
|
68
72
|
}
|
@@ -82,14 +86,14 @@ _mongocrypt_marking_parse_fle1_placeholder(const bson_t *in, _mongocrypt_marking
|
|
82
86
|
}
|
83
87
|
/* CDRIVER-3100 We must make a copy of this value; the result of
|
84
88
|
* bson_iter_value is ephemeral. */
|
85
|
-
bson_value_copy(value, &out->key_alt_name);
|
89
|
+
bson_value_copy(value, &out->u.fle1.key_alt_name);
|
86
90
|
out->type = MONGOCRYPT_MARKING_FLE1_BY_ALTNAME;
|
87
91
|
continue;
|
88
92
|
}
|
89
93
|
|
90
94
|
if (0 == strcmp("v", field)) {
|
91
95
|
has_v = true;
|
92
|
-
memcpy(&out->v_iter, &iter, sizeof(bson_iter_t));
|
96
|
+
memcpy(&out->u.fle1.v_iter, &iter, sizeof(bson_iter_t));
|
93
97
|
continue;
|
94
98
|
}
|
95
99
|
|
@@ -107,7 +111,7 @@ _mongocrypt_marking_parse_fle1_placeholder(const bson_t *in, _mongocrypt_marking
|
|
107
111
|
CLIENT_ERR("invalid algorithm value: %d", algorithm);
|
108
112
|
return false;
|
109
113
|
}
|
110
|
-
out->algorithm = (mongocrypt_encryption_algorithm_t)algorithm;
|
114
|
+
out->u.fle1.algorithm = (mongocrypt_encryption_algorithm_t)algorithm;
|
111
115
|
continue;
|
112
116
|
}
|
113
117
|
|
@@ -144,7 +148,7 @@ _mongocrypt_marking_parse_fle2_placeholder(const bson_t *in, _mongocrypt_marking
|
|
144
148
|
BSON_ASSERT_PARAM(out);
|
145
149
|
|
146
150
|
out->type = MONGOCRYPT_MARKING_FLE2_ENCRYPTION;
|
147
|
-
return mc_FLE2EncryptionPlaceholder_parse(&out->fle2, in, status);
|
151
|
+
return mc_FLE2EncryptionPlaceholder_parse(&out->u.fle2, in, status);
|
148
152
|
}
|
149
153
|
|
150
154
|
bool _mongocrypt_marking_parse_unowned(const _mongocrypt_buffer_t *in,
|
@@ -188,13 +192,13 @@ void _mongocrypt_marking_cleanup(_mongocrypt_marking_t *marking) {
|
|
188
192
|
return;
|
189
193
|
}
|
190
194
|
if (marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION) {
|
191
|
-
mc_FLE2EncryptionPlaceholder_cleanup(&marking->fle2);
|
195
|
+
mc_FLE2EncryptionPlaceholder_cleanup(&marking->u.fle2);
|
192
196
|
return;
|
193
197
|
}
|
194
198
|
|
195
199
|
// else FLE1
|
196
|
-
_mongocrypt_buffer_cleanup(&marking->key_id);
|
197
|
-
bson_value_destroy(&marking->key_alt_name);
|
200
|
+
_mongocrypt_buffer_cleanup(&marking->u.fle1.key_id);
|
201
|
+
bson_value_destroy(&marking->u.fle1.key_alt_name);
|
198
202
|
}
|
199
203
|
|
200
204
|
/**
|
@@ -268,10 +272,139 @@ void _mongocrypt_marking_cleanup(_mongocrypt_marking_t *marking) {
|
|
268
272
|
|
269
273
|
DERIVE_TOKEN_IMPL(EDC)
|
270
274
|
DERIVE_TOKEN_IMPL(ESC)
|
271
|
-
DERIVE_TOKEN_IMPL(ECC)
|
272
275
|
|
273
276
|
#undef DERIVE_TOKEN_IMPL
|
274
277
|
|
278
|
+
/**
|
279
|
+
* Calculates:
|
280
|
+
* E?CToken = HMAC(collectionLevel1Token, n)
|
281
|
+
* E?CText<T>Token = HMAC(E?CToken, t)
|
282
|
+
* E?CText<T>DerivedFromDataToken = HMAC(E?CText<T>Token, v)
|
283
|
+
* E?CText<T>DerivedFromDataTokenAndContentionFactorToken = HMAC(E?CText<T>DerivedFromDataToken, cf)
|
284
|
+
*
|
285
|
+
* E?C = EDC|ESC
|
286
|
+
* n = 1 for EDC, 2 for ESC
|
287
|
+
* <T> = Exact|Substring|Suffix|Prefix
|
288
|
+
* t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
|
289
|
+
* cf = contentionFactor
|
290
|
+
*
|
291
|
+
* If {useContentionFactor} is False, E?CText<T>DerivedFromDataToken is saved to out, and
|
292
|
+
* {contentionFactor} is ignored.
|
293
|
+
* Otherwise, E?CText<T>DerivedFromDataTokenAndContentionFactorToken is saved to out.
|
294
|
+
* Note that {out} is initialized even on failure.
|
295
|
+
*/
|
296
|
+
#define DERIVE_TEXT_SEARCH_TOKEN_IMPL(Name, Type) \
|
297
|
+
static bool _fle2_derive_##Name##Text##Type##_token(_mongocrypt_crypto_t *crypto, \
|
298
|
+
_mongocrypt_buffer_t *out, \
|
299
|
+
const mc_CollectionsLevel1Token_t *level1Token, \
|
300
|
+
const _mongocrypt_buffer_t *value, \
|
301
|
+
bool useContentionFactor, \
|
302
|
+
int64_t contentionFactor, \
|
303
|
+
mongocrypt_status_t *status) { \
|
304
|
+
BSON_ASSERT_PARAM(crypto); \
|
305
|
+
BSON_ASSERT_PARAM(out); \
|
306
|
+
BSON_ASSERT_PARAM(level1Token); \
|
307
|
+
BSON_ASSERT_PARAM(value); \
|
308
|
+
\
|
309
|
+
_mongocrypt_buffer_init(out); \
|
310
|
+
\
|
311
|
+
mc_##Name##Token_t *token = mc_##Name##Token_new(crypto, level1Token, status); \
|
312
|
+
if (!token) { \
|
313
|
+
return false; \
|
314
|
+
} \
|
315
|
+
mc_##Name##Text##Type##Token_t *textToken = mc_##Name##Text##Type##Token_new(crypto, token, status); \
|
316
|
+
mc_##Name##Token_destroy(token); \
|
317
|
+
if (!textToken) { \
|
318
|
+
return false; \
|
319
|
+
} \
|
320
|
+
mc_##Name##Text##Type##DerivedFromDataToken_t *fromDataToken = \
|
321
|
+
mc_##Name##Text##Type##DerivedFromDataToken_new(crypto, textToken, value, status); \
|
322
|
+
mc_##Name##Text##Type##Token_destroy(textToken); \
|
323
|
+
if (!fromDataToken) { \
|
324
|
+
return false; \
|
325
|
+
} \
|
326
|
+
\
|
327
|
+
if (!useContentionFactor) { \
|
328
|
+
/* FindTextPayload uses *fromDataToken */ \
|
329
|
+
_mongocrypt_buffer_copy_to(mc_##Name##Text##Type##DerivedFromDataToken_get(fromDataToken), out); \
|
330
|
+
mc_##Name##Text##Type##DerivedFromDataToken_destroy(fromDataToken); \
|
331
|
+
return true; \
|
332
|
+
} \
|
333
|
+
\
|
334
|
+
BSON_ASSERT(contentionFactor >= 0); \
|
335
|
+
/* InsertUpdatePayload continues through *fromDataTokenAndContentionFactor */ \
|
336
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_t *fromDataAndContentionFactor = \
|
337
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_new(crypto, \
|
338
|
+
fromDataToken, \
|
339
|
+
(uint64_t)contentionFactor, \
|
340
|
+
status); \
|
341
|
+
mc_##Name##Text##Type##DerivedFromDataToken_destroy(fromDataToken); \
|
342
|
+
if (!fromDataAndContentionFactor) { \
|
343
|
+
return false; \
|
344
|
+
} \
|
345
|
+
_mongocrypt_buffer_copy_to( \
|
346
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_get(fromDataAndContentionFactor), \
|
347
|
+
out); \
|
348
|
+
mc_##Name##Text##Type##DerivedFromDataTokenAndContentionFactorToken_destroy(fromDataAndContentionFactor); \
|
349
|
+
return true; \
|
350
|
+
}
|
351
|
+
|
352
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Exact)
|
353
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Exact)
|
354
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Substring)
|
355
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Substring)
|
356
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Suffix)
|
357
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Suffix)
|
358
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(EDC, Prefix)
|
359
|
+
DERIVE_TEXT_SEARCH_TOKEN_IMPL(ESC, Prefix)
|
360
|
+
#undef DERIVE_TEXT_SEARCH_TOKEN_IMPL
|
361
|
+
|
362
|
+
/**
|
363
|
+
* Calculates:
|
364
|
+
* ServerText<T>Token = HMAC(collectionLevel1Token, t)
|
365
|
+
* ServerText<T>DerivedFromDataToken = HMAC(ServerText<T>Token, v)
|
366
|
+
*
|
367
|
+
* <T> = Exact|Substring|Suffix|Prefix
|
368
|
+
* t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
|
369
|
+
*
|
370
|
+
* ServerText<T>DerivedFromDataToken is saved to out.
|
371
|
+
* Note that {out} is initialized even on failure.
|
372
|
+
*/
|
373
|
+
#define DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Type) \
|
374
|
+
static bool _fle2_derive_serverText##Type##DerivedFromDataToken( \
|
375
|
+
_mongocrypt_crypto_t *crypto, \
|
376
|
+
_mongocrypt_buffer_t *out, \
|
377
|
+
const mc_ServerTokenDerivationLevel1Token_t *level1Token, \
|
378
|
+
const _mongocrypt_buffer_t *value, \
|
379
|
+
mongocrypt_status_t *status) { \
|
380
|
+
BSON_ASSERT_PARAM(crypto); \
|
381
|
+
BSON_ASSERT_PARAM(out); \
|
382
|
+
BSON_ASSERT_PARAM(level1Token); \
|
383
|
+
BSON_ASSERT_PARAM(value); \
|
384
|
+
BSON_ASSERT_PARAM(status); \
|
385
|
+
\
|
386
|
+
_mongocrypt_buffer_init(out); \
|
387
|
+
mc_ServerText##Type##Token_t *token = mc_ServerText##Type##Token_new(crypto, level1Token, status); \
|
388
|
+
if (!token) { \
|
389
|
+
return false; \
|
390
|
+
} \
|
391
|
+
mc_ServerText##Type##DerivedFromDataToken_t *dataToken = \
|
392
|
+
mc_ServerText##Type##DerivedFromDataToken_new(crypto, token, value, status); \
|
393
|
+
mc_ServerText##Type##Token_destroy(token); \
|
394
|
+
if (!dataToken) { \
|
395
|
+
return false; \
|
396
|
+
} \
|
397
|
+
_mongocrypt_buffer_copy_to(mc_ServerText##Type##DerivedFromDataToken_get(dataToken), out); \
|
398
|
+
mc_ServerText##Type##DerivedFromDataToken_destroy(dataToken); \
|
399
|
+
return true; \
|
400
|
+
}
|
401
|
+
|
402
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Exact)
|
403
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Substring)
|
404
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Suffix)
|
405
|
+
DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL(Prefix)
|
406
|
+
#undef DERIVE_TEXT_SEARCH_SERVER_DERIVED_FROM_DATA_TOKEN_IMPL
|
407
|
+
|
275
408
|
static bool _fle2_derive_serverDerivedFromDataToken(_mongocrypt_crypto_t *crypto,
|
276
409
|
_mongocrypt_buffer_t *out,
|
277
410
|
const mc_ServerTokenDerivationLevel1Token_t *level1Token,
|
@@ -381,7 +514,7 @@ static bool _fle2_placeholder_aes_aead_encrypt(_mongocrypt_key_broker_t *kb,
|
|
381
514
|
// Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
|
382
515
|
static bool _fle2_derive_encrypted_token(_mongocrypt_crypto_t *crypto,
|
383
516
|
_mongocrypt_buffer_t *out,
|
384
|
-
bool
|
517
|
+
bool concatentate_leaf,
|
385
518
|
const mc_CollectionsLevel1Token_t *collectionsLevel1Token,
|
386
519
|
const _mongocrypt_buffer_t *escDerivedToken,
|
387
520
|
const _mongocrypt_buffer_t *eccDerivedToken,
|
@@ -398,7 +531,7 @@ static bool _fle2_derive_encrypted_token(_mongocrypt_crypto_t *crypto,
|
|
398
531
|
const _mongocrypt_buffer_t *p = &tmp;
|
399
532
|
if (!eccDerivedToken) {
|
400
533
|
// FLE2v2
|
401
|
-
if (
|
534
|
+
if (concatentate_leaf && is_leaf.set) {
|
402
535
|
// Range V2; concat isLeaf
|
403
536
|
_mongocrypt_buffer_t isLeafBuf;
|
404
537
|
if (!_mongocrypt_buffer_copy_from_data_and_size(&isLeafBuf, (uint8_t[]){is_leaf.value}, 1)) {
|
@@ -483,7 +616,7 @@ static bool _get_tokenKey(_mongocrypt_key_broker_t *kb,
|
|
483
616
|
}
|
484
617
|
|
485
618
|
if (indexKey.len != MONGOCRYPT_KEY_LEN) {
|
486
|
-
CLIENT_ERR("invalid indexKey, expected len=%
|
619
|
+
CLIENT_ERR("invalid indexKey, expected len=%d, got len=%" PRIu32, MONGOCRYPT_KEY_LEN, indexKey.len);
|
487
620
|
_mongocrypt_buffer_cleanup(&indexKey);
|
488
621
|
return false;
|
489
622
|
}
|
@@ -514,7 +647,6 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
|
|
514
647
|
BSON_ASSERT_PARAM(value);
|
515
648
|
|
516
649
|
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
517
|
-
_mongocrypt_buffer_t indexKey = {0};
|
518
650
|
*ret = (_FLE2EncryptedPayloadCommon_t){{0}};
|
519
651
|
|
520
652
|
if (!_get_tokenKey(kb, indexKeyId, &ret->tokenKey, status)) {
|
@@ -553,191 +685,25 @@ static bool _mongocrypt_fle2_placeholder_common(_mongocrypt_key_broker_t *kb,
|
|
553
685
|
goto fail;
|
554
686
|
}
|
555
687
|
|
556
|
-
|
557
|
-
|
558
|
-
|
559
|
-
if (!ret->serverTokenDerivationLevel1Token) {
|
560
|
-
CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
|
561
|
-
goto fail;
|
562
|
-
}
|
563
|
-
|
564
|
-
if (!_fle2_derive_serverDerivedFromDataToken(crypto,
|
565
|
-
&ret->serverDerivedFromDataToken,
|
566
|
-
ret->serverTokenDerivationLevel1Token,
|
567
|
-
value,
|
568
|
-
status)) {
|
569
|
-
goto fail;
|
570
|
-
}
|
571
|
-
} else {
|
572
|
-
/* FLE2v1 */
|
573
|
-
if (!_fle2_derive_ECC_token(crypto,
|
574
|
-
&ret->eccDerivedToken,
|
575
|
-
ret->collectionsLevel1Token,
|
576
|
-
value,
|
577
|
-
useContentionFactor,
|
578
|
-
contentionFactor,
|
579
|
-
status)) {
|
580
|
-
goto fail;
|
581
|
-
}
|
582
|
-
}
|
583
|
-
|
584
|
-
_mongocrypt_buffer_cleanup(&indexKey);
|
585
|
-
return true;
|
586
|
-
|
587
|
-
fail:
|
588
|
-
_FLE2EncryptedPayloadCommon_cleanup(ret);
|
589
|
-
_mongocrypt_buffer_cleanup(&indexKey);
|
590
|
-
return false;
|
591
|
-
}
|
592
|
-
|
593
|
-
// Shared implementation for insert/update and insert/update ForRange (v1)
|
594
|
-
static bool _mongocrypt_fle2_placeholder_to_insert_update_common_v1(_mongocrypt_key_broker_t *kb,
|
595
|
-
mc_FLE2InsertUpdatePayload_t *out,
|
596
|
-
int64_t *contentionFactor,
|
597
|
-
_FLE2EncryptedPayloadCommon_t *common,
|
598
|
-
const mc_FLE2EncryptionPlaceholder_t *placeholder,
|
599
|
-
bson_iter_t *value_iter,
|
600
|
-
mongocrypt_status_t *status) {
|
601
|
-
BSON_ASSERT_PARAM(kb);
|
602
|
-
BSON_ASSERT_PARAM(out);
|
603
|
-
BSON_ASSERT_PARAM(common);
|
604
|
-
BSON_ASSERT_PARAM(placeholder);
|
605
|
-
BSON_ASSERT_PARAM(value_iter);
|
606
|
-
BSON_ASSERT(kb->crypt);
|
607
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
608
|
-
BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
|
609
|
-
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
|
610
|
-
|
611
|
-
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
612
|
-
_mongocrypt_buffer_t value = {0};
|
613
|
-
bool res = false;
|
614
|
-
|
615
|
-
*contentionFactor = 0;
|
616
|
-
if (placeholder->maxContentionFactor > 0) {
|
617
|
-
/* Choose a random contentionFactor in the inclusive range [0,
|
618
|
-
* placeholder->maxContentionFactor] */
|
619
|
-
if (!_mongocrypt_random_int64(crypto, placeholder->maxContentionFactor + 1, contentionFactor, status)) {
|
620
|
-
goto fail;
|
621
|
-
}
|
622
|
-
}
|
623
|
-
|
624
|
-
_mongocrypt_buffer_from_iter(&value, value_iter);
|
625
|
-
if (!_mongocrypt_fle2_placeholder_common(kb,
|
626
|
-
common,
|
627
|
-
&placeholder->index_key_id,
|
628
|
-
&value,
|
629
|
-
true, /* derive tokens using contentionFactor */
|
630
|
-
*contentionFactor,
|
631
|
-
status)) {
|
632
|
-
goto fail;
|
633
|
-
}
|
634
|
-
|
635
|
-
// d := EDCDerivedToken
|
636
|
-
_mongocrypt_buffer_steal(&out->edcDerivedToken, &common->edcDerivedToken);
|
637
|
-
// s := ESCDerivedToken
|
638
|
-
_mongocrypt_buffer_steal(&out->escDerivedToken, &common->escDerivedToken);
|
639
|
-
// c := ECCDerivedToken
|
640
|
-
_mongocrypt_buffer_steal(&out->eccDerivedToken, &common->eccDerivedToken);
|
641
|
-
|
642
|
-
// p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor ||
|
643
|
-
// ECCDerivedFromDataTokenAndContentionFactor)
|
644
|
-
if (!_fle2_derive_encrypted_token(crypto,
|
645
|
-
&out->encryptedTokens,
|
646
|
-
false, // Can't use range V2 with FLE V1
|
647
|
-
common->collectionsLevel1Token,
|
648
|
-
&out->escDerivedToken,
|
649
|
-
&out->eccDerivedToken,
|
650
|
-
(mc_optional_bool_t){0}, // Unset is_leaf as it's not used in V1
|
651
|
-
status)) {
|
688
|
+
ret->serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &ret->tokenKey, status);
|
689
|
+
if (!ret->serverTokenDerivationLevel1Token) {
|
690
|
+
CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
|
652
691
|
goto fail;
|
653
692
|
}
|
654
693
|
|
655
|
-
|
656
|
-
|
657
|
-
|
658
|
-
|
659
|
-
|
660
|
-
{
|
661
|
-
_mongocrypt_buffer_t ciphertext = {0};
|
662
|
-
if (!_fle2_placeholder_aes_aead_encrypt(kb,
|
663
|
-
_mcFLE2AEADAlgorithm(),
|
664
|
-
&ciphertext,
|
665
|
-
&placeholder->user_key_id,
|
666
|
-
&value,
|
667
|
-
status)) {
|
668
|
-
goto fail;
|
669
|
-
}
|
670
|
-
const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
|
671
|
-
const bool ok = _mongocrypt_buffer_concat(&out->value, v, 2);
|
672
|
-
_mongocrypt_buffer_cleanup(&ciphertext);
|
673
|
-
if (!ok) {
|
674
|
-
goto fail;
|
675
|
-
}
|
676
|
-
}
|
677
|
-
|
678
|
-
// e := ServerDataEncryptionLevel1Token
|
679
|
-
_mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common->serverDataEncryptionLevel1Token),
|
680
|
-
&out->serverEncryptionToken);
|
681
|
-
|
682
|
-
res = true;
|
683
|
-
fail:
|
684
|
-
_mongocrypt_buffer_cleanup(&value);
|
685
|
-
return res;
|
686
|
-
}
|
687
|
-
|
688
|
-
/**
|
689
|
-
* Payload subtype 4: FLE2InsertUpdatePayload
|
690
|
-
*
|
691
|
-
* {d: EDC, s: ESC, c: ECC,
|
692
|
-
* p: encToken, u: indexKeyId, t: type,
|
693
|
-
* v: value, e: serverToken}
|
694
|
-
*/
|
695
|
-
static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(_mongocrypt_key_broker_t *kb,
|
696
|
-
_mongocrypt_marking_t *marking,
|
697
|
-
_mongocrypt_ciphertext_t *ciphertext,
|
698
|
-
mongocrypt_status_t *status) {
|
699
|
-
BSON_ASSERT_PARAM(kb);
|
700
|
-
BSON_ASSERT_PARAM(marking);
|
701
|
-
BSON_ASSERT_PARAM(ciphertext);
|
702
|
-
BSON_ASSERT_PARAM(status);
|
703
|
-
BSON_ASSERT(kb->crypt);
|
704
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
705
|
-
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
706
|
-
BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_EQUALITY);
|
707
|
-
|
708
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
709
|
-
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
710
|
-
mc_FLE2InsertUpdatePayload_t payload;
|
711
|
-
mc_FLE2InsertUpdatePayload_init(&payload);
|
712
|
-
bool res = false;
|
713
|
-
|
714
|
-
int64_t contentionFactor = 0; /* ignored */
|
715
|
-
if (!_mongocrypt_fle2_placeholder_to_insert_update_common_v1(kb,
|
716
|
-
&payload,
|
717
|
-
&contentionFactor,
|
718
|
-
&common,
|
719
|
-
placeholder,
|
720
|
-
&placeholder->v_iter,
|
721
|
-
status)) {
|
694
|
+
if (!_fle2_derive_serverDerivedFromDataToken(crypto,
|
695
|
+
&ret->serverDerivedFromDataToken,
|
696
|
+
ret->serverTokenDerivationLevel1Token,
|
697
|
+
value,
|
698
|
+
status)) {
|
722
699
|
goto fail;
|
723
700
|
}
|
724
701
|
|
725
|
-
|
726
|
-
bson_t out;
|
727
|
-
bson_init(&out);
|
728
|
-
mc_FLE2InsertUpdatePayload_serialize(&payload, &out);
|
729
|
-
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
730
|
-
}
|
731
|
-
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
732
|
-
// not used for FLE2InsertUpdatePayload.
|
733
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayload;
|
702
|
+
return true;
|
734
703
|
|
735
|
-
res = true;
|
736
704
|
fail:
|
737
|
-
|
738
|
-
|
739
|
-
|
740
|
-
return res;
|
705
|
+
_FLE2EncryptedPayloadCommon_cleanup(ret);
|
706
|
+
return false;
|
741
707
|
}
|
742
708
|
|
743
709
|
// Shared implementation for insert/update and insert/update ForRange (v2)
|
@@ -753,7 +719,6 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_common(_mongocrypt_key
|
|
753
719
|
BSON_ASSERT_PARAM(placeholder);
|
754
720
|
BSON_ASSERT_PARAM(value_iter);
|
755
721
|
BSON_ASSERT(kb->crypt);
|
756
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == true);
|
757
722
|
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
|
758
723
|
|
759
724
|
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
@@ -791,7 +756,7 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_common(_mongocrypt_key
|
|
791
756
|
if (!_fle2_derive_encrypted_token(
|
792
757
|
crypto,
|
793
758
|
&out->encryptedTokens,
|
794
|
-
|
759
|
+
true,
|
795
760
|
common->collectionsLevel1Token,
|
796
761
|
&out->escDerivedToken,
|
797
762
|
NULL, // unused in v2
|
@@ -839,8 +804,6 @@ fail:
|
|
839
804
|
|
840
805
|
/**
|
841
806
|
* Payload subtype 11: FLE2InsertUpdatePayloadV2
|
842
|
-
* Delegates to ..._insert_update_ciphertext_v1 for subtype 4
|
843
|
-
* when crypt.opts.use_fle2_v2 == false
|
844
807
|
*
|
845
808
|
* {d: EDC, s: ESC, p: encToken,
|
846
809
|
* u: indexKeyId, t: valueType, v: value,
|
@@ -857,11 +820,7 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertext(_mongocrypt
|
|
857
820
|
BSON_ASSERT(kb->crypt);
|
858
821
|
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
859
822
|
|
860
|
-
|
861
|
-
return _mongocrypt_fle2_placeholder_to_insert_update_ciphertext_v1(kb, marking, ciphertext, status);
|
862
|
-
}
|
863
|
-
|
864
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
823
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
|
865
824
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
866
825
|
mc_FLE2InsertUpdatePayloadV2_t payload;
|
867
826
|
mc_FLE2InsertUpdatePayloadV2_init(&payload);
|
@@ -897,8 +856,7 @@ fail:
|
|
897
856
|
|
898
857
|
// get_edges creates and returns edges from an FLE2RangeInsertSpec. Returns NULL
|
899
858
|
// on error.
|
900
|
-
static mc_edges_t *
|
901
|
-
get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_status_t *status, bool use_range_v2) {
|
859
|
+
static mc_edges_t *get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_status_t *status) {
|
902
860
|
BSON_ASSERT_PARAM(insertSpec);
|
903
861
|
|
904
862
|
bson_type_t value_type = bson_iter_type(&insertSpec->v);
|
@@ -909,8 +867,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
|
|
909
867
|
.max = OPT_I32(bson_iter_int32(&insertSpec->max)),
|
910
868
|
.sparsity = sparsity,
|
911
869
|
.trimFactor = insertSpec->trimFactor},
|
912
|
-
status
|
913
|
-
use_range_v2);
|
870
|
+
status);
|
914
871
|
}
|
915
872
|
|
916
873
|
else if (value_type == BSON_TYPE_INT64) {
|
@@ -919,8 +876,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
|
|
919
876
|
.max = OPT_I64(bson_iter_int64(&insertSpec->max)),
|
920
877
|
.sparsity = sparsity,
|
921
878
|
.trimFactor = insertSpec->trimFactor},
|
922
|
-
status
|
923
|
-
use_range_v2);
|
879
|
+
status);
|
924
880
|
}
|
925
881
|
|
926
882
|
else if (value_type == BSON_TYPE_DATE_TIME) {
|
@@ -929,8 +885,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
|
|
929
885
|
.max = OPT_I64(bson_iter_date_time(&insertSpec->max)),
|
930
886
|
.sparsity = sparsity,
|
931
887
|
.trimFactor = insertSpec->trimFactor},
|
932
|
-
status
|
933
|
-
use_range_v2);
|
888
|
+
status);
|
934
889
|
}
|
935
890
|
|
936
891
|
else if (value_type == BSON_TYPE_DOUBLE) {
|
@@ -946,11 +901,11 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
|
|
946
901
|
args.precision = insertSpec->precision;
|
947
902
|
}
|
948
903
|
|
949
|
-
return mc_getEdgesDouble(args, status
|
904
|
+
return mc_getEdgesDouble(args, status);
|
950
905
|
}
|
951
906
|
|
952
907
|
else if (value_type == BSON_TYPE_DECIMAL128) {
|
953
|
-
#if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT
|
908
|
+
#if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT()
|
954
909
|
const mc_dec128 value = mc_dec128_from_bson_iter(&insertSpec->v);
|
955
910
|
mc_getEdgesDecimal128_args_t args = {
|
956
911
|
.value = value,
|
@@ -964,7 +919,7 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
|
|
964
919
|
args.max = OPT_MC_DEC128(max);
|
965
920
|
args.precision = insertSpec->precision;
|
966
921
|
}
|
967
|
-
return mc_getEdgesDecimal128(args, status
|
922
|
+
return mc_getEdgesDecimal128(args, status);
|
968
923
|
#else // ↑↑↑↑↑↑↑↑ With Decimal128 / Without ↓↓↓↓↓↓↓↓↓↓
|
969
924
|
CLIENT_ERR("unsupported BSON type (Decimal128) for range: libmongocrypt "
|
970
925
|
"was built without extended Decimal128 support");
|
@@ -977,58 +932,53 @@ get_edges(mc_FLE2RangeInsertSpec_t *insertSpec, size_t sparsity, mongocrypt_stat
|
|
977
932
|
}
|
978
933
|
|
979
934
|
/**
|
980
|
-
* Payload subtype
|
935
|
+
* Payload subtype 11: FLE2InsertUpdatePayloadV2 for range updates
|
981
936
|
*
|
982
|
-
* {d: EDC, s: ESC,
|
983
|
-
*
|
984
|
-
*
|
985
|
-
*
|
986
|
-
*
|
937
|
+
* {d: EDC, s: ESC, p: encToken,
|
938
|
+
* u: indexKeyId, t: valueType, v: value,
|
939
|
+
* e: serverToken, l: serverDerivedFromDataToken,
|
940
|
+
* k: contentionFactor,
|
941
|
+
* g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
942
|
+
* {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
987
943
|
* ...]}
|
988
944
|
*/
|
989
|
-
static bool
|
990
|
-
|
991
|
-
|
992
|
-
|
945
|
+
static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(_mongocrypt_key_broker_t *kb,
|
946
|
+
_mongocrypt_marking_t *marking,
|
947
|
+
_mongocrypt_ciphertext_t *ciphertext,
|
948
|
+
mongocrypt_status_t *status) {
|
993
949
|
BSON_ASSERT_PARAM(kb);
|
994
950
|
BSON_ASSERT_PARAM(marking);
|
995
951
|
BSON_ASSERT_PARAM(ciphertext);
|
996
|
-
BSON_ASSERT_PARAM(status);
|
997
952
|
BSON_ASSERT(kb->crypt);
|
998
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
999
|
-
BSON_ASSERT(kb->crypt->opts.use_range_v2 == false);
|
1000
953
|
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1001
|
-
BSON_ASSERT(marking->fle2.algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
|
1002
954
|
|
1003
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
955
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
|
1004
956
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1005
|
-
|
1006
|
-
|
957
|
+
mc_FLE2InsertUpdatePayloadV2_t payload;
|
958
|
+
mc_FLE2InsertUpdatePayloadV2_init(&payload);
|
1007
959
|
bool res = false;
|
1008
960
|
mc_edges_t *edges = NULL;
|
1009
961
|
|
1010
962
|
// Parse the value ("v"), min ("min"), and max ("max") from
|
1011
963
|
// FLE2EncryptionPlaceholder for range insert.
|
1012
964
|
mc_FLE2RangeInsertSpec_t insertSpec;
|
1013
|
-
if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter,
|
965
|
+
if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, status)) {
|
1014
966
|
goto fail;
|
1015
967
|
}
|
1016
968
|
|
1017
|
-
|
1018
|
-
|
1019
|
-
|
1020
|
-
|
1021
|
-
|
1022
|
-
|
1023
|
-
&insertSpec.v,
|
1024
|
-
status)) {
|
969
|
+
if (!_mongocrypt_fle2_placeholder_to_insert_update_common(kb,
|
970
|
+
&payload,
|
971
|
+
&common,
|
972
|
+
&marking->u.fle2,
|
973
|
+
&insertSpec.v,
|
974
|
+
status)) {
|
1025
975
|
goto fail;
|
1026
976
|
}
|
1027
977
|
|
1028
|
-
// g:= array<
|
978
|
+
// g:= array<EdgeTokenSetV2>
|
1029
979
|
{
|
1030
980
|
BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
|
1031
|
-
edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status
|
981
|
+
edges = get_edges(&insertSpec, (size_t)placeholder->sparsity, status);
|
1032
982
|
if (!edges) {
|
1033
983
|
goto fail;
|
1034
984
|
}
|
@@ -1037,10 +987,11 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
|
|
1037
987
|
// Create an EdgeTokenSet from each edge.
|
1038
988
|
bool loop_ok = false;
|
1039
989
|
const char *edge = mc_edges_get(edges, i);
|
990
|
+
bool is_leaf = mc_edges_is_leaf(edges, edge);
|
1040
991
|
_mongocrypt_buffer_t edge_buf = {0};
|
1041
992
|
_FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
|
1042
993
|
_mongocrypt_buffer_t encryptedTokens = {0};
|
1043
|
-
|
994
|
+
mc_EdgeTokenSetV2_t etc = {{0}};
|
1044
995
|
|
1045
996
|
if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
|
1046
997
|
CLIENT_ERR("failed to copy edge to buffer");
|
@@ -1052,27 +1003,29 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
|
|
1052
1003
|
&placeholder->index_key_id,
|
1053
1004
|
&edge_buf,
|
1054
1005
|
true, /* derive tokens using contentionFactor */
|
1055
|
-
contentionFactor,
|
1006
|
+
payload.contentionFactor,
|
1056
1007
|
status)) {
|
1057
1008
|
goto fail_loop;
|
1058
1009
|
}
|
1010
|
+
BSON_ASSERT(edge_tokens.eccDerivedToken.data == NULL);
|
1059
1011
|
|
1060
1012
|
// d := EDCDerivedToken
|
1061
1013
|
_mongocrypt_buffer_steal(&etc.edcDerivedToken, &edge_tokens.edcDerivedToken);
|
1062
1014
|
// s := ESCDerivedToken
|
1063
1015
|
_mongocrypt_buffer_steal(&etc.escDerivedToken, &edge_tokens.escDerivedToken);
|
1064
|
-
// c := ECCDerivedToken
|
1065
|
-
_mongocrypt_buffer_steal(&etc.eccDerivedToken, &edge_tokens.eccDerivedToken);
|
1066
1016
|
|
1067
|
-
//
|
1068
|
-
|
1017
|
+
// l := serverDerivedFromDataToken
|
1018
|
+
_mongocrypt_buffer_steal(&etc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
|
1019
|
+
|
1020
|
+
// p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
|
1021
|
+
// Or in Range V2: p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor || isLeaf)
|
1069
1022
|
if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
|
1070
1023
|
&etc.encryptedTokens,
|
1071
|
-
|
1024
|
+
true,
|
1072
1025
|
edge_tokens.collectionsLevel1Token,
|
1073
1026
|
&etc.escDerivedToken,
|
1074
|
-
|
1075
|
-
(
|
1027
|
+
NULL, // ecc unsed in FLE2v2
|
1028
|
+
OPT_BOOL(is_leaf),
|
1076
1029
|
status)) {
|
1077
1030
|
goto fail_loop;
|
1078
1031
|
}
|
@@ -1090,242 +1043,572 @@ static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(
|
|
1090
1043
|
}
|
1091
1044
|
}
|
1092
1045
|
|
1046
|
+
// Include "range" payload fields introduced in SERVER-91889.
|
1047
|
+
payload.sparsity = OPT_I64(placeholder->sparsity);
|
1048
|
+
payload.precision = insertSpec.precision;
|
1049
|
+
payload.trimFactor = OPT_I32(mc_edges_get_used_trimFactor(edges));
|
1050
|
+
bson_value_copy(bson_iter_value(&insertSpec.min), &payload.indexMin);
|
1051
|
+
bson_value_copy(bson_iter_value(&insertSpec.max), &payload.indexMax);
|
1052
|
+
|
1093
1053
|
{
|
1094
1054
|
bson_t out;
|
1095
1055
|
bson_init(&out);
|
1096
|
-
|
1056
|
+
mc_FLE2InsertUpdatePayloadV2_serializeForRange(&payload, &out);
|
1097
1057
|
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
1098
1058
|
}
|
1099
1059
|
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1100
|
-
// not used for
|
1101
|
-
ciphertext->blob_subtype =
|
1060
|
+
// not used for FLE2InsertUpdatePayloadV2.
|
1061
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
|
1102
1062
|
|
1103
1063
|
res = true;
|
1104
1064
|
fail:
|
1105
1065
|
mc_edges_destroy(edges);
|
1106
|
-
|
1066
|
+
mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
|
1107
1067
|
_FLE2EncryptedPayloadCommon_cleanup(&common);
|
1108
1068
|
|
1109
1069
|
return res;
|
1110
1070
|
}
|
1111
1071
|
|
1112
1072
|
/**
|
1113
|
-
*
|
1114
|
-
*
|
1115
|
-
*
|
1073
|
+
* Sets up a mc_Text<T>TokenSet_t type by generating its member tokens:
|
1074
|
+
* - edcDerivedToken = HMAC(HMAC(HMAC(EDCToken, t), v), cf)
|
1075
|
+
* - escDerivedToken = HMAC(HMAC(HMAC(ESCToken, t), v), cf)
|
1076
|
+
* - serverDerivedFromDataToken = HMAC(HMAC(ServerLevel1Token, t), v)
|
1077
|
+
* and the encrypted token:
|
1078
|
+
* - encryptedTokens = EncryptCTR(ECOCToken, escDerivedToken)
|
1116
1079
|
*
|
1117
|
-
*
|
1118
|
-
*
|
1119
|
-
*
|
1120
|
-
*
|
1121
|
-
* g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
1122
|
-
* {d: EDC, s: ESC, l: serverDerivedFromDataToken, p: encToken},
|
1123
|
-
* ...]}
|
1080
|
+
* <T> = Exact|Substring|Suffix|Prefix
|
1081
|
+
* t = 1 for Exact, 2 for Substring, 3 for Suffix, 4 for Prefix
|
1082
|
+
* cf = contentionFactor
|
1083
|
+
* EDC/ESC/ECOCToken are derived from {collLevel1Token}
|
1124
1084
|
*/
|
1125
|
-
|
1126
|
-
|
1127
|
-
|
1128
|
-
|
1085
|
+
#define GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Type) \
|
1086
|
+
static bool _fle2_generate_Text##Type##TokenSet(_mongocrypt_key_broker_t *kb, \
|
1087
|
+
mc_Text##Type##TokenSet_t *out, \
|
1088
|
+
const _mongocrypt_buffer_t *value, \
|
1089
|
+
int64_t contentionFactor, \
|
1090
|
+
const mc_CollectionsLevel1Token_t *collLevel1Token, \
|
1091
|
+
const mc_ServerTokenDerivationLevel1Token_t *serverLevel1Token, \
|
1092
|
+
mongocrypt_status_t *status) { \
|
1093
|
+
BSON_ASSERT_PARAM(kb); \
|
1094
|
+
BSON_ASSERT_PARAM(kb->crypt); \
|
1095
|
+
BSON_ASSERT_PARAM(out); \
|
1096
|
+
BSON_ASSERT_PARAM(value); \
|
1097
|
+
BSON_ASSERT_PARAM(collLevel1Token); \
|
1098
|
+
BSON_ASSERT_PARAM(serverLevel1Token); \
|
1099
|
+
\
|
1100
|
+
if (!_fle2_derive_EDCText##Type##_token(kb->crypt->crypto, \
|
1101
|
+
&out->edcDerivedToken, \
|
1102
|
+
collLevel1Token, \
|
1103
|
+
value, \
|
1104
|
+
true, \
|
1105
|
+
contentionFactor, \
|
1106
|
+
status)) { \
|
1107
|
+
return false; \
|
1108
|
+
} \
|
1109
|
+
if (!_fle2_derive_ESCText##Type##_token(kb->crypt->crypto, \
|
1110
|
+
&out->escDerivedToken, \
|
1111
|
+
collLevel1Token, \
|
1112
|
+
value, \
|
1113
|
+
true, \
|
1114
|
+
contentionFactor, \
|
1115
|
+
status)) { \
|
1116
|
+
return false; \
|
1117
|
+
} \
|
1118
|
+
if (!_fle2_derive_serverText##Type##DerivedFromDataToken(kb->crypt->crypto, \
|
1119
|
+
&out->serverDerivedFromDataToken, \
|
1120
|
+
serverLevel1Token, \
|
1121
|
+
value, \
|
1122
|
+
status)) { \
|
1123
|
+
return false; \
|
1124
|
+
} \
|
1125
|
+
if (!_fle2_derive_encrypted_token(kb->crypt->crypto, \
|
1126
|
+
&out->encryptedTokens, \
|
1127
|
+
false, \
|
1128
|
+
collLevel1Token, \
|
1129
|
+
&out->escDerivedToken, \
|
1130
|
+
NULL, \
|
1131
|
+
(mc_optional_bool_t){0}, \
|
1132
|
+
status)) { \
|
1133
|
+
return false; \
|
1134
|
+
} \
|
1135
|
+
return true; \
|
1136
|
+
} \
|
1137
|
+
static bool _fle2_generate_Text##Type##FindTokenSet( \
|
1138
|
+
_mongocrypt_key_broker_t *kb, \
|
1139
|
+
mc_Text##Type##FindTokenSet_t *out, \
|
1140
|
+
const _mongocrypt_buffer_t *value, \
|
1141
|
+
const mc_CollectionsLevel1Token_t *collLevel1Token, \
|
1142
|
+
const mc_ServerTokenDerivationLevel1Token_t *serverLevel1Token, \
|
1143
|
+
mongocrypt_status_t *status) { \
|
1144
|
+
BSON_ASSERT_PARAM(kb); \
|
1145
|
+
BSON_ASSERT_PARAM(kb->crypt); \
|
1146
|
+
BSON_ASSERT_PARAM(out); \
|
1147
|
+
BSON_ASSERT_PARAM(value); \
|
1148
|
+
BSON_ASSERT_PARAM(collLevel1Token); \
|
1149
|
+
BSON_ASSERT_PARAM(serverLevel1Token); \
|
1150
|
+
if (!_fle2_derive_EDCText##Type##_token(kb->crypt->crypto, \
|
1151
|
+
&out->edcDerivedToken, \
|
1152
|
+
collLevel1Token, \
|
1153
|
+
value, \
|
1154
|
+
false, \
|
1155
|
+
0, \
|
1156
|
+
status)) { \
|
1157
|
+
return false; \
|
1158
|
+
} \
|
1159
|
+
if (!_fle2_derive_ESCText##Type##_token(kb->crypt->crypto, \
|
1160
|
+
&out->escDerivedToken, \
|
1161
|
+
collLevel1Token, \
|
1162
|
+
value, \
|
1163
|
+
false, \
|
1164
|
+
0, \
|
1165
|
+
status)) { \
|
1166
|
+
return false; \
|
1167
|
+
} \
|
1168
|
+
if (!_fle2_derive_serverText##Type##DerivedFromDataToken(kb->crypt->crypto, \
|
1169
|
+
&out->serverDerivedFromDataToken, \
|
1170
|
+
serverLevel1Token, \
|
1171
|
+
value, \
|
1172
|
+
status)) { \
|
1173
|
+
return false; \
|
1174
|
+
} \
|
1175
|
+
return true; \
|
1176
|
+
}
|
1177
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Exact)
|
1178
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Substring)
|
1179
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Suffix)
|
1180
|
+
GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL(Prefix)
|
1181
|
+
#undef GENERATE_TEXT_SEARCH_TOKEN_SET_FOR_TYPE_IMPL
|
1182
|
+
|
1183
|
+
static bool _fle2_generate_TextSearchTokenSets(_mongocrypt_key_broker_t *kb,
|
1184
|
+
mc_FLE2InsertUpdatePayloadV2_t *payload,
|
1185
|
+
const _mongocrypt_buffer_t *indexKeyId,
|
1186
|
+
const mc_FLE2TextSearchInsertSpec_t *spec,
|
1187
|
+
int64_t contentionFactor,
|
1188
|
+
mongocrypt_status_t *status) {
|
1129
1189
|
BSON_ASSERT_PARAM(kb);
|
1130
|
-
BSON_ASSERT_PARAM(
|
1131
|
-
BSON_ASSERT_PARAM(
|
1132
|
-
|
1133
|
-
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1134
|
-
const bool use_range_v2 = kb->crypt->opts.use_range_v2;
|
1135
|
-
|
1136
|
-
if (!kb->crypt->opts.use_fle2_v2) {
|
1137
|
-
return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange_v1(kb, marking, ciphertext, status);
|
1138
|
-
}
|
1190
|
+
BSON_ASSERT_PARAM(payload);
|
1191
|
+
BSON_ASSERT_PARAM(indexKeyId);
|
1192
|
+
BSON_ASSERT_PARAM(spec);
|
1139
1193
|
|
1140
|
-
|
1194
|
+
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
1195
|
+
mc_TextSearchTokenSets_t *tsts = &payload->textSearchTokenSets.tsts;
|
1141
1196
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1142
|
-
mc_FLE2InsertUpdatePayloadV2_t payload;
|
1143
|
-
mc_FLE2InsertUpdatePayloadV2_init(&payload);
|
1144
1197
|
bool res = false;
|
1145
|
-
mc_edges_t *edges = NULL;
|
1146
1198
|
|
1147
|
-
|
1148
|
-
|
1149
|
-
mc_FLE2RangeInsertSpec_t insertSpec;
|
1150
|
-
if (!mc_FLE2RangeInsertSpec_parse(&insertSpec, &placeholder->v_iter, use_range_v2, status)) {
|
1199
|
+
mc_str_encode_sets_t *encodeSets = mc_text_search_str_encode(spec, status);
|
1200
|
+
if (!encodeSets) {
|
1151
1201
|
goto fail;
|
1152
1202
|
}
|
1153
1203
|
|
1154
|
-
|
1155
|
-
|
1156
|
-
&common,
|
1157
|
-
&marking->fle2,
|
1158
|
-
&insertSpec.v,
|
1159
|
-
status)) {
|
1204
|
+
// Start the token derivations
|
1205
|
+
if (!_get_tokenKey(kb, indexKeyId, &common.tokenKey, status)) {
|
1160
1206
|
goto fail;
|
1161
1207
|
}
|
1162
1208
|
|
1163
|
-
|
1209
|
+
common.collectionsLevel1Token = mc_CollectionsLevel1Token_new(crypto, &common.tokenKey, status);
|
1210
|
+
if (!common.collectionsLevel1Token) {
|
1211
|
+
CLIENT_ERR("unable to derive collectionLevel1Token");
|
1212
|
+
goto fail;
|
1213
|
+
}
|
1214
|
+
|
1215
|
+
common.serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &common.tokenKey, status);
|
1216
|
+
if (!common.serverTokenDerivationLevel1Token) {
|
1217
|
+
CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
|
1218
|
+
goto fail;
|
1219
|
+
}
|
1220
|
+
|
1221
|
+
// Generate exact token set singleton
|
1164
1222
|
{
|
1165
|
-
|
1166
|
-
|
1167
|
-
|
1223
|
+
_mongocrypt_buffer_t asBsonValue;
|
1224
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1225
|
+
BSON_ASSERT(encodeSets->exact.len < INT_MAX);
|
1226
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue,
|
1227
|
+
(const char *)encodeSets->exact.data,
|
1228
|
+
(int)encodeSets->exact.len);
|
1229
|
+
if (!_fle2_generate_TextExactTokenSet(kb,
|
1230
|
+
&tsts->exact,
|
1231
|
+
&asBsonValue,
|
1232
|
+
contentionFactor,
|
1233
|
+
common.collectionsLevel1Token,
|
1234
|
+
common.serverTokenDerivationLevel1Token,
|
1235
|
+
status)) {
|
1236
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1168
1237
|
goto fail;
|
1169
1238
|
}
|
1239
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1240
|
+
}
|
1170
1241
|
|
1171
|
-
|
1172
|
-
|
1173
|
-
|
1174
|
-
const char *edge = mc_edges_get(edges, i);
|
1175
|
-
bool is_leaf = mc_edges_is_leaf(edges, edge);
|
1176
|
-
_mongocrypt_buffer_t edge_buf = {0};
|
1177
|
-
_FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
|
1178
|
-
_mongocrypt_buffer_t encryptedTokens = {0};
|
1179
|
-
mc_EdgeTokenSetV2_t etc = {{0}};
|
1242
|
+
const char *substring;
|
1243
|
+
uint32_t bytelen;
|
1244
|
+
uint32_t appendCount;
|
1180
1245
|
|
1181
|
-
|
1182
|
-
|
1183
|
-
|
1246
|
+
// Generate array of substring token sets
|
1247
|
+
if (encodeSets->substring_set) {
|
1248
|
+
mc_substring_set_iter_t set_itr;
|
1249
|
+
mc_substring_set_iter_init(&set_itr, encodeSets->substring_set);
|
1250
|
+
|
1251
|
+
while (mc_substring_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
|
1252
|
+
BSON_ASSERT(appendCount > 0);
|
1253
|
+
BSON_ASSERT(bytelen < INT_MAX);
|
1254
|
+
|
1255
|
+
mc_TextSubstringTokenSet_t tset = {{0}};
|
1256
|
+
|
1257
|
+
_mongocrypt_buffer_t asBsonValue;
|
1258
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1259
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
|
1260
|
+
|
1261
|
+
if (!_fle2_generate_TextSubstringTokenSet(kb,
|
1262
|
+
&tset,
|
1263
|
+
&asBsonValue,
|
1264
|
+
contentionFactor,
|
1265
|
+
common.collectionsLevel1Token,
|
1266
|
+
common.serverTokenDerivationLevel1Token,
|
1267
|
+
status)) {
|
1268
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1269
|
+
mc_TextSubstringTokenSet_cleanup(&tset);
|
1270
|
+
goto fail;
|
1184
1271
|
}
|
1272
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1185
1273
|
|
1186
|
-
if (
|
1187
|
-
|
1188
|
-
|
1189
|
-
|
1190
|
-
|
1191
|
-
|
1192
|
-
status)) {
|
1193
|
-
goto fail_loop;
|
1274
|
+
if (appendCount > 1) {
|
1275
|
+
mc_TextSubstringTokenSet_t tset_copy;
|
1276
|
+
mc_TextSubstringTokenSet_shallow_copy(&tset, &tset_copy);
|
1277
|
+
for (; appendCount > 1; appendCount--) {
|
1278
|
+
_mc_array_append_val(&tsts->substringArray, tset_copy);
|
1279
|
+
}
|
1194
1280
|
}
|
1195
|
-
|
1281
|
+
_mc_array_append_val(&tsts->substringArray, tset); // array now owns tset
|
1282
|
+
}
|
1283
|
+
}
|
1196
1284
|
|
1197
|
-
|
1198
|
-
|
1199
|
-
|
1200
|
-
|
1285
|
+
// Generate array of suffix token sets
|
1286
|
+
if (encodeSets->suffix_set) {
|
1287
|
+
mc_affix_set_iter_t set_itr;
|
1288
|
+
mc_affix_set_iter_init(&set_itr, encodeSets->suffix_set);
|
1201
1289
|
|
1202
|
-
|
1203
|
-
|
1290
|
+
while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
|
1291
|
+
BSON_ASSERT(appendCount > 0);
|
1292
|
+
BSON_ASSERT(bytelen < INT_MAX);
|
1204
1293
|
|
1205
|
-
|
1206
|
-
|
1207
|
-
|
1208
|
-
|
1209
|
-
|
1210
|
-
|
1211
|
-
|
1212
|
-
|
1213
|
-
|
1214
|
-
|
1215
|
-
|
1294
|
+
mc_TextSuffixTokenSet_t tset = {{0}};
|
1295
|
+
mc_TextSuffixTokenSet_init(&tset);
|
1296
|
+
|
1297
|
+
_mongocrypt_buffer_t asBsonValue;
|
1298
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1299
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
|
1300
|
+
|
1301
|
+
if (!_fle2_generate_TextSuffixTokenSet(kb,
|
1302
|
+
&tset,
|
1303
|
+
&asBsonValue,
|
1304
|
+
contentionFactor,
|
1305
|
+
common.collectionsLevel1Token,
|
1306
|
+
common.serverTokenDerivationLevel1Token,
|
1307
|
+
status)) {
|
1308
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1309
|
+
mc_TextSuffixTokenSet_cleanup(&tset);
|
1310
|
+
goto fail;
|
1216
1311
|
}
|
1312
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1217
1313
|
|
1218
|
-
|
1314
|
+
if (appendCount > 1) {
|
1315
|
+
mc_TextSuffixTokenSet_t tset_copy;
|
1316
|
+
mc_TextSuffixTokenSet_shallow_copy(&tset, &tset_copy);
|
1317
|
+
for (; appendCount > 1; appendCount--) {
|
1318
|
+
_mc_array_append_val(&tsts->suffixArray, tset_copy);
|
1319
|
+
}
|
1320
|
+
}
|
1321
|
+
_mc_array_append_val(&tsts->suffixArray, tset); // array now owns tset
|
1322
|
+
}
|
1323
|
+
}
|
1219
1324
|
|
1220
|
-
|
1221
|
-
|
1222
|
-
|
1223
|
-
|
1224
|
-
|
1225
|
-
|
1325
|
+
// Generate array of prefix token sets
|
1326
|
+
if (encodeSets->prefix_set) {
|
1327
|
+
mc_affix_set_iter_t set_itr;
|
1328
|
+
mc_affix_set_iter_init(&set_itr, encodeSets->prefix_set);
|
1329
|
+
|
1330
|
+
while (mc_affix_set_iter_next(&set_itr, &substring, &bytelen, &appendCount)) {
|
1331
|
+
BSON_ASSERT(appendCount > 0);
|
1332
|
+
BSON_ASSERT(bytelen < INT_MAX);
|
1333
|
+
|
1334
|
+
mc_TextPrefixTokenSet_t tset = {{0}};
|
1335
|
+
mc_TextPrefixTokenSet_init(&tset);
|
1336
|
+
|
1337
|
+
_mongocrypt_buffer_t asBsonValue;
|
1338
|
+
_mongocrypt_buffer_init(&asBsonValue);
|
1339
|
+
_mongocrypt_buffer_copy_from_string_as_bson_value(&asBsonValue, substring, (int)bytelen);
|
1340
|
+
|
1341
|
+
if (!_fle2_generate_TextPrefixTokenSet(kb,
|
1342
|
+
&tset,
|
1343
|
+
&asBsonValue,
|
1344
|
+
contentionFactor,
|
1345
|
+
common.collectionsLevel1Token,
|
1346
|
+
common.serverTokenDerivationLevel1Token,
|
1347
|
+
status)) {
|
1348
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1349
|
+
mc_TextPrefixTokenSet_cleanup(&tset);
|
1226
1350
|
goto fail;
|
1227
1351
|
}
|
1352
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1353
|
+
|
1354
|
+
if (appendCount > 1) {
|
1355
|
+
mc_TextPrefixTokenSet_t tset_copy;
|
1356
|
+
mc_TextPrefixTokenSet_shallow_copy(&tset, &tset_copy);
|
1357
|
+
for (; appendCount > 1; appendCount--) {
|
1358
|
+
_mc_array_append_val(&tsts->prefixArray, tset_copy); // array now owns tset_copy
|
1359
|
+
}
|
1360
|
+
}
|
1361
|
+
_mc_array_append_val(&tsts->prefixArray, tset); // moves ownership of tset
|
1228
1362
|
}
|
1229
1363
|
}
|
1364
|
+
payload->textSearchTokenSets.set = true;
|
1365
|
+
res = true;
|
1366
|
+
fail:
|
1367
|
+
_FLE2EncryptedPayloadCommon_cleanup(&common);
|
1368
|
+
mc_str_encode_sets_destroy(encodeSets);
|
1369
|
+
return res;
|
1370
|
+
}
|
1230
1371
|
|
1231
|
-
|
1232
|
-
|
1233
|
-
|
1234
|
-
|
1235
|
-
|
1236
|
-
|
1372
|
+
static bool _fle2_generate_TextSearchFindTokenSets(_mongocrypt_key_broker_t *kb,
|
1373
|
+
mc_TextSearchFindTokenSets_t *out,
|
1374
|
+
const _mongocrypt_buffer_t *indexKeyId,
|
1375
|
+
const mc_FLE2TextSearchInsertSpec_t *spec,
|
1376
|
+
mongocrypt_status_t *status) {
|
1377
|
+
BSON_ASSERT_PARAM(kb);
|
1378
|
+
BSON_ASSERT_PARAM(kb->crypt);
|
1379
|
+
BSON_ASSERT_PARAM(out);
|
1380
|
+
BSON_ASSERT_PARAM(indexKeyId);
|
1381
|
+
BSON_ASSERT_PARAM(spec);
|
1237
1382
|
|
1238
|
-
|
1239
|
-
|
1240
|
-
|
1241
|
-
|
1242
|
-
|
1383
|
+
_mongocrypt_crypto_t *crypto = kb->crypt->crypto;
|
1384
|
+
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1385
|
+
_mongocrypt_buffer_t asBsonValue = {0};
|
1386
|
+
bool res = false;
|
1387
|
+
|
1388
|
+
int operator_count = (int)spec->substr.set + (int)spec->suffix.set + (int)spec->prefix.set;
|
1389
|
+
if (operator_count > 1) {
|
1390
|
+
CLIENT_ERR("Text search query specification cannot contain multiple query type specifications");
|
1391
|
+
goto fail;
|
1392
|
+
}
|
1393
|
+
|
1394
|
+
if (!mc_text_search_str_query(spec, &asBsonValue, status)) {
|
1395
|
+
goto fail;
|
1396
|
+
}
|
1397
|
+
|
1398
|
+
// Start the token derivations
|
1399
|
+
if (!_get_tokenKey(kb, indexKeyId, &common.tokenKey, status)) {
|
1400
|
+
goto fail;
|
1401
|
+
}
|
1402
|
+
|
1403
|
+
common.collectionsLevel1Token = mc_CollectionsLevel1Token_new(crypto, &common.tokenKey, status);
|
1404
|
+
if (!common.collectionsLevel1Token) {
|
1405
|
+
CLIENT_ERR("unable to derive collectionLevel1Token");
|
1406
|
+
goto fail;
|
1243
1407
|
}
|
1244
|
-
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1245
|
-
// not used for FLE2InsertUpdatePayloadV2.
|
1246
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
|
1247
1408
|
|
1409
|
+
common.serverTokenDerivationLevel1Token = mc_ServerTokenDerivationLevel1Token_new(crypto, &common.tokenKey, status);
|
1410
|
+
if (!common.serverTokenDerivationLevel1Token) {
|
1411
|
+
CLIENT_ERR("unable to derive serverTokenDerivationLevel1Token");
|
1412
|
+
goto fail;
|
1413
|
+
}
|
1414
|
+
|
1415
|
+
if (spec->substr.set) {
|
1416
|
+
if (!_fle2_generate_TextSubstringFindTokenSet(kb,
|
1417
|
+
&out->substring.value,
|
1418
|
+
&asBsonValue,
|
1419
|
+
common.collectionsLevel1Token,
|
1420
|
+
common.serverTokenDerivationLevel1Token,
|
1421
|
+
status)) {
|
1422
|
+
goto fail;
|
1423
|
+
}
|
1424
|
+
out->substring.set = true;
|
1425
|
+
} else if (spec->suffix.set) {
|
1426
|
+
if (!_fle2_generate_TextSuffixFindTokenSet(kb,
|
1427
|
+
&out->suffix.value,
|
1428
|
+
&asBsonValue,
|
1429
|
+
common.collectionsLevel1Token,
|
1430
|
+
common.serverTokenDerivationLevel1Token,
|
1431
|
+
status)) {
|
1432
|
+
goto fail;
|
1433
|
+
}
|
1434
|
+
out->suffix.set = true;
|
1435
|
+
|
1436
|
+
} else if (spec->prefix.set) {
|
1437
|
+
if (!_fle2_generate_TextPrefixFindTokenSet(kb,
|
1438
|
+
&out->prefix.value,
|
1439
|
+
&asBsonValue,
|
1440
|
+
common.collectionsLevel1Token,
|
1441
|
+
common.serverTokenDerivationLevel1Token,
|
1442
|
+
status)) {
|
1443
|
+
goto fail;
|
1444
|
+
}
|
1445
|
+
out->prefix.set = true;
|
1446
|
+
} else {
|
1447
|
+
if (!_fle2_generate_TextExactFindTokenSet(kb,
|
1448
|
+
&out->exact.value,
|
1449
|
+
&asBsonValue,
|
1450
|
+
common.collectionsLevel1Token,
|
1451
|
+
common.serverTokenDerivationLevel1Token,
|
1452
|
+
status)) {
|
1453
|
+
goto fail;
|
1454
|
+
}
|
1455
|
+
out->exact.set = true;
|
1456
|
+
}
|
1248
1457
|
res = true;
|
1249
1458
|
fail:
|
1250
|
-
|
1251
|
-
mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
|
1459
|
+
_mongocrypt_buffer_cleanup(&asBsonValue);
|
1252
1460
|
_FLE2EncryptedPayloadCommon_cleanup(&common);
|
1253
|
-
|
1254
1461
|
return res;
|
1255
1462
|
}
|
1256
1463
|
|
1257
1464
|
/**
|
1258
|
-
* Payload subtype
|
1465
|
+
* Payload subtype 11: FLE2InsertUpdatePayloadV2 for text search inserts/updates
|
1259
1466
|
*
|
1260
|
-
* {
|
1467
|
+
* {v: value, u: indexKeyId, t: valueType, k: contentionFactor, e: serverToken,
|
1468
|
+
* b: { e: {d: EDC_exact, s: ESC_exact, l: svrDFDToken_exact, p: encToken_exact},
|
1469
|
+
* s: [{d: EDC_substr, s: ESC_substr, l: svrDFDToken_substr, p: encToken_substr}, ...]
|
1470
|
+
* u: [{d: EDC_suffix, s: ESC_suffix, l: svrDFDToken_suffix, p: encToken_suffix}, ...]
|
1471
|
+
* p: [{d: EDC_prefix, s: ESC_prefix, l: svrDFDToken_prefix, p: encToken_prefix}, ...]
|
1472
|
+
* },
|
1473
|
+
* d: bogusToken, s: bogusToken, l: bogusToken, p: bogusCiphertext
|
1474
|
+
* }
|
1261
1475
|
*/
|
1262
|
-
static bool
|
1263
|
-
|
1264
|
-
|
1265
|
-
|
1476
|
+
static bool _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
|
1477
|
+
_mongocrypt_marking_t *marking,
|
1478
|
+
_mongocrypt_ciphertext_t *ciphertext,
|
1479
|
+
mongocrypt_status_t *status) {
|
1266
1480
|
BSON_ASSERT_PARAM(kb);
|
1267
1481
|
BSON_ASSERT_PARAM(marking);
|
1268
1482
|
BSON_ASSERT_PARAM(ciphertext);
|
1483
|
+
BSON_ASSERT(kb->crypt);
|
1484
|
+
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1485
|
+
|
1486
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
|
1487
|
+
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT);
|
1488
|
+
BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH);
|
1269
1489
|
|
1270
1490
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1491
|
+
mc_FLE2InsertUpdatePayloadV2_t payload;
|
1492
|
+
mc_FLE2InsertUpdatePayloadV2_init(&payload);
|
1493
|
+
|
1271
1494
|
_mongocrypt_buffer_t value = {0};
|
1272
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1273
|
-
mc_FLE2FindEqualityPayload_t payload;
|
1274
1495
|
bool res = false;
|
1275
1496
|
|
1276
|
-
|
1277
|
-
|
1278
|
-
|
1279
|
-
|
1280
|
-
mc_FLE2FindEqualityPayload_init(&payload);
|
1497
|
+
mc_FLE2TextSearchInsertSpec_t insertSpec;
|
1498
|
+
if (!mc_FLE2TextSearchInsertSpec_parse(&insertSpec, &placeholder->v_iter, status)) {
|
1499
|
+
goto fail;
|
1500
|
+
}
|
1281
1501
|
|
1282
|
-
|
1502
|
+
// One of substr/suffix/prefix must be set for inserts
|
1503
|
+
if (!(insertSpec.substr.set || insertSpec.suffix.set || insertSpec.prefix.set)) {
|
1504
|
+
CLIENT_ERR("FLE2TextSearchInsertSpec is missing a substring, suffix, or prefix index specification");
|
1505
|
+
goto fail;
|
1506
|
+
}
|
1507
|
+
|
1508
|
+
// t
|
1509
|
+
payload.valueType = BSON_TYPE_UTF8;
|
1510
|
+
|
1511
|
+
// k
|
1512
|
+
payload.contentionFactor = 0;
|
1513
|
+
if (placeholder->maxContentionFactor > 0) {
|
1514
|
+
/* Choose a random contentionFactor in the inclusive range [0,
|
1515
|
+
* placeholder->maxContentionFactor] */
|
1516
|
+
if (!_mongocrypt_random_int64(kb->crypt->crypto,
|
1517
|
+
placeholder->maxContentionFactor + 1,
|
1518
|
+
&payload.contentionFactor,
|
1519
|
+
status)) {
|
1520
|
+
goto fail;
|
1521
|
+
}
|
1522
|
+
}
|
1523
|
+
|
1524
|
+
// u
|
1525
|
+
_mongocrypt_buffer_copy_to(&placeholder->index_key_id, &payload.indexKeyId);
|
1283
1526
|
|
1527
|
+
_mongocrypt_buffer_from_iter(&value, &insertSpec.v_iter);
|
1284
1528
|
if (!_mongocrypt_fle2_placeholder_common(kb,
|
1285
1529
|
&common,
|
1286
1530
|
&placeholder->index_key_id,
|
1287
1531
|
&value,
|
1288
|
-
|
1289
|
-
|
1532
|
+
true, /* derive tokens using contentionFactor */
|
1533
|
+
payload.contentionFactor,
|
1290
1534
|
status)) {
|
1291
1535
|
goto fail;
|
1292
1536
|
}
|
1293
1537
|
|
1294
|
-
// d
|
1295
|
-
|
1296
|
-
|
1297
|
-
|
1298
|
-
|
1299
|
-
|
1538
|
+
// (d, s, l) are never used for text search, so just set these to bogus buffers of
|
1539
|
+
// correct length.
|
1540
|
+
BSON_ASSERT(_mongocrypt_buffer_steal_from_data_and_size(&payload.edcDerivedToken,
|
1541
|
+
bson_malloc0(MONGOCRYPT_HMAC_SHA256_LEN),
|
1542
|
+
MONGOCRYPT_HMAC_SHA256_LEN));
|
1543
|
+
_mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.escDerivedToken);
|
1544
|
+
_mongocrypt_buffer_copy_to(&payload.edcDerivedToken, &payload.serverDerivedFromDataToken);
|
1545
|
+
|
1546
|
+
// p := EncryptCTR(ECOCToken, ESCDerivedFromDataTokenAndContentionFactor)
|
1547
|
+
// Since p is never used for text search, this just sets p to a bogus ciphertext of
|
1548
|
+
// the correct length.
|
1549
|
+
if (!_fle2_derive_encrypted_token(kb->crypt->crypto,
|
1550
|
+
&payload.encryptedTokens,
|
1551
|
+
false,
|
1552
|
+
common.collectionsLevel1Token,
|
1553
|
+
&payload.escDerivedToken, // bogus
|
1554
|
+
NULL, // unused in FLE2v2
|
1555
|
+
(mc_optional_bool_t){0},
|
1556
|
+
status)) {
|
1557
|
+
goto fail;
|
1558
|
+
}
|
1300
1559
|
|
1560
|
+
// v := UserKeyId + EncryptCBCAEAD(UserKey, value)
|
1561
|
+
{
|
1562
|
+
_mongocrypt_buffer_t ciphertext = {0};
|
1563
|
+
if (!_fle2_placeholder_aes_aead_encrypt(kb,
|
1564
|
+
_mcFLE2v2AEADAlgorithm(),
|
1565
|
+
&ciphertext,
|
1566
|
+
&placeholder->user_key_id,
|
1567
|
+
&value,
|
1568
|
+
status)) {
|
1569
|
+
goto fail;
|
1570
|
+
}
|
1571
|
+
const _mongocrypt_buffer_t v[2] = {placeholder->user_key_id, ciphertext};
|
1572
|
+
const bool ok = _mongocrypt_buffer_concat(&payload.value, v, 2);
|
1573
|
+
_mongocrypt_buffer_cleanup(&ciphertext);
|
1574
|
+
if (!ok) {
|
1575
|
+
goto fail;
|
1576
|
+
}
|
1577
|
+
}
|
1301
1578
|
// e := ServerDataEncryptionLevel1Token
|
1302
1579
|
_mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(common.serverDataEncryptionLevel1Token),
|
1303
1580
|
&payload.serverEncryptionToken);
|
1304
1581
|
|
1305
|
-
|
1582
|
+
// b
|
1583
|
+
if (!_fle2_generate_TextSearchTokenSets(kb,
|
1584
|
+
&payload,
|
1585
|
+
&placeholder->index_key_id,
|
1586
|
+
&insertSpec,
|
1587
|
+
payload.contentionFactor,
|
1588
|
+
status)) {
|
1589
|
+
goto fail;
|
1590
|
+
}
|
1306
1591
|
|
1307
1592
|
{
|
1308
1593
|
bson_t out;
|
1309
1594
|
bson_init(&out);
|
1310
|
-
|
1595
|
+
mc_FLE2InsertUpdatePayloadV2_serializeForTextSearch(&payload, &out);
|
1311
1596
|
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
1312
1597
|
}
|
1313
1598
|
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1314
|
-
// not used for
|
1315
|
-
ciphertext->blob_subtype =
|
1599
|
+
// not used for FLE2InsertUpdatePayloadV2.
|
1600
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2InsertUpdatePayloadV2;
|
1316
1601
|
|
1317
1602
|
res = true;
|
1318
1603
|
fail:
|
1319
|
-
|
1604
|
+
mc_FLE2InsertUpdatePayloadV2_cleanup(&payload);
|
1320
1605
|
_mongocrypt_buffer_cleanup(&value);
|
1321
1606
|
_FLE2EncryptedPayloadCommon_cleanup(&common);
|
1322
|
-
|
1323
1607
|
return res;
|
1324
1608
|
}
|
1325
1609
|
|
1326
1610
|
/**
|
1327
1611
|
* Payload subtype 12: FLE2FindEqualityPayloadV2
|
1328
|
-
* Delegates to ..._find_ciphertext_v1 when crypt->opts.use_fle2_v2 == false.
|
1329
1612
|
*
|
1330
1613
|
* {d: EDC, s: ESC, l: serverDerivedFromDataToken, cm: maxContentionFactor}
|
1331
1614
|
*/
|
@@ -1337,13 +1620,9 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertext(_mongocrypt_key_brok
|
|
1337
1620
|
BSON_ASSERT_PARAM(marking);
|
1338
1621
|
BSON_ASSERT_PARAM(ciphertext);
|
1339
1622
|
|
1340
|
-
if (kb->crypt->opts.use_fle2_v2 == false) {
|
1341
|
-
return _mongocrypt_fle2_placeholder_to_find_ciphertext_v1(kb, marking, ciphertext, status);
|
1342
|
-
}
|
1343
|
-
|
1344
1623
|
_FLE2EncryptedPayloadCommon_t common = {{0}};
|
1345
1624
|
_mongocrypt_buffer_t value = {0};
|
1346
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1625
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
|
1347
1626
|
mc_FLE2FindEqualityPayloadV2_t payload;
|
1348
1627
|
bool res = false;
|
1349
1628
|
|
@@ -1401,10 +1680,8 @@ static bool isInfinite(bson_iter_t *iter) {
|
|
1401
1680
|
|
1402
1681
|
// mc_get_mincover_from_FLE2RangeFindSpec creates and returns a mincover from an
|
1403
1682
|
// FLE2RangeFindSpec. Returns NULL on error.
|
1404
|
-
mc_mincover_t *
|
1405
|
-
|
1406
|
-
mongocrypt_status_t *status,
|
1407
|
-
bool use_range_v2) {
|
1683
|
+
mc_mincover_t *
|
1684
|
+
mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *findSpec, size_t sparsity, mongocrypt_status_t *status) {
|
1408
1685
|
BSON_ASSERT_PARAM(findSpec);
|
1409
1686
|
BSON_ASSERT(findSpec->edgesInfo.set);
|
1410
1687
|
|
@@ -1465,8 +1742,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
|
|
1465
1742
|
.max = OPT_I32(bson_iter_int32(&findSpec->edgesInfo.value.indexMax)),
|
1466
1743
|
.sparsity = sparsity,
|
1467
1744
|
.trimFactor = findSpec->edgesInfo.value.trimFactor},
|
1468
|
-
status
|
1469
|
-
use_range_v2);
|
1745
|
+
status);
|
1470
1746
|
|
1471
1747
|
case BSON_TYPE_INT64:
|
1472
1748
|
BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_INT64);
|
@@ -1482,8 +1758,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
|
|
1482
1758
|
.max = OPT_I64(bson_iter_int64(&findSpec->edgesInfo.value.indexMax)),
|
1483
1759
|
.sparsity = sparsity,
|
1484
1760
|
.trimFactor = findSpec->edgesInfo.value.trimFactor},
|
1485
|
-
status
|
1486
|
-
use_range_v2);
|
1761
|
+
status);
|
1487
1762
|
case BSON_TYPE_DATE_TIME:
|
1488
1763
|
BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_DATE_TIME);
|
1489
1764
|
BSON_ASSERT(bson_iter_type(&upperBound) == BSON_TYPE_DATE_TIME);
|
@@ -1498,8 +1773,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
|
|
1498
1773
|
.max = OPT_I64(bson_iter_date_time(&findSpec->edgesInfo.value.indexMax)),
|
1499
1774
|
.sparsity = sparsity,
|
1500
1775
|
.trimFactor = findSpec->edgesInfo.value.trimFactor},
|
1501
|
-
status
|
1502
|
-
use_range_v2);
|
1776
|
+
status);
|
1503
1777
|
case BSON_TYPE_DOUBLE: {
|
1504
1778
|
BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_DOUBLE);
|
1505
1779
|
BSON_ASSERT(bson_iter_type(&upperBound) == BSON_TYPE_DOUBLE);
|
@@ -1520,10 +1794,10 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
|
|
1520
1794
|
args.max = OPT_DOUBLE(bson_iter_double(&findSpec->edgesInfo.value.indexMax));
|
1521
1795
|
args.precision = findSpec->edgesInfo.value.precision;
|
1522
1796
|
}
|
1523
|
-
return mc_getMincoverDouble(args, status
|
1797
|
+
return mc_getMincoverDouble(args, status);
|
1524
1798
|
}
|
1525
1799
|
case BSON_TYPE_DECIMAL128: {
|
1526
|
-
#if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT
|
1800
|
+
#if MONGOCRYPT_HAVE_DECIMAL128_SUPPORT()
|
1527
1801
|
BSON_ASSERT(bson_iter_type(&lowerBound) == BSON_TYPE_DECIMAL128);
|
1528
1802
|
BSON_ASSERT(bson_iter_type(&upperBound) == BSON_TYPE_DECIMAL128);
|
1529
1803
|
BSON_ASSERT(bson_iter_type(&findSpec->edgesInfo.value.indexMin) == BSON_TYPE_DECIMAL128);
|
@@ -1540,7 +1814,7 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
|
|
1540
1814
|
args.max = OPT_MC_DEC128(mc_dec128_from_bson_iter(&findSpec->edgesInfo.value.indexMax));
|
1541
1815
|
args.precision = findSpec->edgesInfo.value.precision;
|
1542
1816
|
}
|
1543
|
-
return mc_getMincoverDecimal128(args, status
|
1817
|
+
return mc_getMincoverDecimal128(args, status);
|
1544
1818
|
#else // ↑↑↑↑↑↑↑↑ With Decimal128 / Without ↓↓↓↓↓↓↓↓↓↓
|
1545
1819
|
CLIENT_ERR("FLE2 find is not supported for Decimal128: libmongocrypt "
|
1546
1820
|
"was built without Decimal128 support");
|
@@ -1570,39 +1844,35 @@ mc_mincover_t *mc_get_mincover_from_FLE2RangeFindSpec(mc_FLE2RangeFindSpec_t *fi
|
|
1570
1844
|
}
|
1571
1845
|
|
1572
1846
|
/**
|
1573
|
-
* Payload subtype
|
1847
|
+
* Payload subtype 13: FLE2FindRangePayloadV2
|
1574
1848
|
*
|
1575
|
-
* {
|
1576
|
-
* g: [{d: EDC, s: ESC,
|
1849
|
+
* {cm: maxContentionFactor,
|
1850
|
+
* g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken}, ...]}
|
1577
1851
|
*/
|
1578
|
-
static bool
|
1579
|
-
|
1580
|
-
|
1581
|
-
|
1852
|
+
static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(_mongocrypt_key_broker_t *kb,
|
1853
|
+
_mongocrypt_marking_t *marking,
|
1854
|
+
_mongocrypt_ciphertext_t *ciphertext,
|
1855
|
+
mongocrypt_status_t *status) {
|
1582
1856
|
BSON_ASSERT_PARAM(kb);
|
1583
1857
|
BSON_ASSERT_PARAM(marking);
|
1584
1858
|
BSON_ASSERT_PARAM(ciphertext);
|
1585
|
-
BSON_ASSERT(kb->crypt);
|
1586
1859
|
|
1587
|
-
|
1588
|
-
|
1589
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1590
|
-
mc_FLE2FindRangePayload_t payload;
|
1860
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
|
1861
|
+
mc_FLE2FindRangePayloadV2_t payload;
|
1591
1862
|
bool res = false;
|
1592
1863
|
mc_mincover_t *mincover = NULL;
|
1593
1864
|
_mongocrypt_buffer_t tokenKey = {0};
|
1594
1865
|
|
1595
|
-
BSON_ASSERT(kb->crypt->opts.use_fle2_v2 == false);
|
1596
1866
|
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1597
1867
|
BSON_ASSERT(placeholder);
|
1598
1868
|
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
|
1599
1869
|
BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_RANGE);
|
1600
|
-
|
1870
|
+
mc_FLE2FindRangePayloadV2_init(&payload);
|
1601
1871
|
|
1602
1872
|
// Parse the query bounds and index bounds from FLE2EncryptionPlaceholder for
|
1603
1873
|
// range find.
|
1604
1874
|
mc_FLE2RangeFindSpec_t findSpec;
|
1605
|
-
if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter,
|
1875
|
+
if (!mc_FLE2RangeFindSpec_parse(&findSpec, &placeholder->v_iter, status)) {
|
1606
1876
|
goto fail;
|
1607
1877
|
}
|
1608
1878
|
|
@@ -1610,27 +1880,10 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
|
|
1610
1880
|
// cm := Queryable Encryption max contentionFactor
|
1611
1881
|
payload.payload.value.maxContentionFactor = placeholder->maxContentionFactor;
|
1612
1882
|
|
1613
|
-
// e := ServerDataEncryptionLevel1Token
|
1614
|
-
{
|
1615
|
-
if (!_get_tokenKey(kb, &placeholder->index_key_id, &tokenKey, status)) {
|
1616
|
-
goto fail;
|
1617
|
-
}
|
1618
|
-
|
1619
|
-
mc_ServerDataEncryptionLevel1Token_t *serverToken =
|
1620
|
-
mc_ServerDataEncryptionLevel1Token_new(crypto, &tokenKey, status);
|
1621
|
-
if (!serverToken) {
|
1622
|
-
goto fail;
|
1623
|
-
}
|
1624
|
-
_mongocrypt_buffer_copy_to(mc_ServerDataEncryptionLevel1Token_get(serverToken),
|
1625
|
-
&payload.payload.value.serverEncryptionToken);
|
1626
|
-
mc_ServerDataEncryptionLevel1Token_destroy(serverToken);
|
1627
|
-
}
|
1628
|
-
|
1629
1883
|
// g:= array<EdgeFindTokenSet>
|
1630
1884
|
{
|
1631
1885
|
BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
|
1632
|
-
mincover =
|
1633
|
-
mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status, use_range_v2);
|
1886
|
+
mincover = mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status);
|
1634
1887
|
if (!mincover) {
|
1635
1888
|
goto fail;
|
1636
1889
|
}
|
@@ -1641,7 +1894,7 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
|
|
1641
1894
|
const char *edge = mc_mincover_get(mincover, i);
|
1642
1895
|
_mongocrypt_buffer_t edge_buf = {0};
|
1643
1896
|
_FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
|
1644
|
-
|
1897
|
+
mc_EdgeFindTokenSetV2_t eftc = {{0}};
|
1645
1898
|
|
1646
1899
|
if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
|
1647
1900
|
CLIENT_ERR("failed to copy edge to buffer");
|
@@ -1652,7 +1905,7 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
|
|
1652
1905
|
&edge_tokens,
|
1653
1906
|
&placeholder->index_key_id,
|
1654
1907
|
&edge_buf,
|
1655
|
-
false, /* derive tokens using contentionFactor */
|
1908
|
+
false, /* derive tokens without using contentionFactor */
|
1656
1909
|
placeholder->maxContentionFactor, /* ignored */
|
1657
1910
|
status)) {
|
1658
1911
|
goto fail_loop;
|
@@ -1662,8 +1915,9 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
|
|
1662
1915
|
_mongocrypt_buffer_steal(&eftc.edcDerivedToken, &edge_tokens.edcDerivedToken);
|
1663
1916
|
// s := ESCDerivedToken
|
1664
1917
|
_mongocrypt_buffer_steal(&eftc.escDerivedToken, &edge_tokens.escDerivedToken);
|
1665
|
-
|
1666
|
-
|
1918
|
+
|
1919
|
+
// l := serverDerivedFromDataToken
|
1920
|
+
_mongocrypt_buffer_steal(&eftc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
|
1667
1921
|
|
1668
1922
|
_mc_array_append_val(&payload.payload.value.edgeFindTokenSetArray, eftc);
|
1669
1923
|
|
@@ -1677,6 +1931,13 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
|
|
1677
1931
|
}
|
1678
1932
|
}
|
1679
1933
|
payload.payload.set = true;
|
1934
|
+
|
1935
|
+
// Include "range" payload fields introduced in SERVER-91889.
|
1936
|
+
payload.sparsity = OPT_I64(placeholder->sparsity);
|
1937
|
+
payload.precision = findSpec.edgesInfo.value.precision;
|
1938
|
+
payload.trimFactor = OPT_I32(mc_mincover_get_used_trimFactor(mincover));
|
1939
|
+
bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMin), &payload.indexMin);
|
1940
|
+
bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMax), &payload.indexMax);
|
1680
1941
|
}
|
1681
1942
|
|
1682
1943
|
payload.payloadId = findSpec.payloadId;
|
@@ -1686,153 +1947,80 @@ static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(_mongocry
|
|
1686
1947
|
// Serialize.
|
1687
1948
|
{
|
1688
1949
|
bson_t out = BSON_INITIALIZER;
|
1689
|
-
|
1950
|
+
mc_FLE2FindRangePayloadV2_serialize(&payload, &out);
|
1690
1951
|
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
1691
1952
|
}
|
1692
1953
|
_mongocrypt_buffer_steal(&ciphertext->key_id, &placeholder->index_key_id);
|
1693
1954
|
|
1694
1955
|
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1695
|
-
// not used for
|
1696
|
-
ciphertext->blob_subtype =
|
1956
|
+
// not used for FLE2FindRangePayloadV2.
|
1957
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindRangePayloadV2;
|
1697
1958
|
|
1698
1959
|
res = true;
|
1699
1960
|
fail:
|
1700
1961
|
mc_mincover_destroy(mincover);
|
1701
|
-
|
1962
|
+
mc_FLE2FindRangePayloadV2_cleanup(&payload);
|
1702
1963
|
_mongocrypt_buffer_cleanup(&tokenKey);
|
1703
1964
|
|
1704
1965
|
return res;
|
1705
1966
|
}
|
1706
1967
|
|
1707
|
-
|
1708
|
-
*
|
1709
|
-
*
|
1710
|
-
*
|
1711
|
-
*
|
1712
|
-
* {cm: maxContentionFactor,
|
1713
|
-
* g: [{d: EDC, s: ESC, l: serverDerivedFromDataToken}, ...]}
|
1714
|
-
*/
|
1715
|
-
static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(_mongocrypt_key_broker_t *kb,
|
1716
|
-
_mongocrypt_marking_t *marking,
|
1717
|
-
_mongocrypt_ciphertext_t *ciphertext,
|
1718
|
-
mongocrypt_status_t *status) {
|
1968
|
+
static bool _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(_mongocrypt_key_broker_t *kb,
|
1969
|
+
_mongocrypt_marking_t *marking,
|
1970
|
+
_mongocrypt_ciphertext_t *ciphertext,
|
1971
|
+
mongocrypt_status_t *status) {
|
1719
1972
|
BSON_ASSERT_PARAM(kb);
|
1720
1973
|
BSON_ASSERT_PARAM(marking);
|
1721
1974
|
BSON_ASSERT_PARAM(ciphertext);
|
1975
|
+
BSON_ASSERT(kb->crypt);
|
1976
|
+
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1722
1977
|
|
1723
|
-
if (kb->crypt->opts.use_fle2_v2 == false) {
|
1724
|
-
return _mongocrypt_fle2_placeholder_to_find_ciphertextForRange_v1(kb, marking, ciphertext, status);
|
1725
|
-
}
|
1726
|
-
|
1727
|
-
const bool use_range_v2 = kb->crypt->opts.use_range_v2;
|
1728
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
1729
|
-
mc_FLE2FindRangePayloadV2_t payload;
|
1730
1978
|
bool res = false;
|
1731
|
-
|
1732
|
-
_mongocrypt_buffer_t tokenKey = {0};
|
1733
|
-
|
1734
|
-
BSON_ASSERT(marking->type == MONGOCRYPT_MARKING_FLE2_ENCRYPTION);
|
1735
|
-
BSON_ASSERT(placeholder);
|
1979
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
|
1736
1980
|
BSON_ASSERT(placeholder->type == MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND);
|
1737
|
-
BSON_ASSERT(placeholder->algorithm ==
|
1738
|
-
mc_FLE2FindRangePayloadV2_init(&payload);
|
1981
|
+
BSON_ASSERT(placeholder->algorithm == MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH);
|
1739
1982
|
|
1740
|
-
|
1741
|
-
|
1742
|
-
|
1743
|
-
|
1983
|
+
mc_FLE2FindTextPayload_t payload;
|
1984
|
+
mc_FLE2FindTextPayload_init(&payload);
|
1985
|
+
|
1986
|
+
mc_FLE2TextSearchInsertSpec_t spec;
|
1987
|
+
if (!mc_FLE2TextSearchInsertSpec_parse(&spec, &placeholder->v_iter, status)) {
|
1744
1988
|
goto fail;
|
1745
1989
|
}
|
1746
1990
|
|
1747
|
-
if (
|
1748
|
-
|
1749
|
-
payload.payload.value.maxContentionFactor = placeholder->maxContentionFactor;
|
1750
|
-
|
1751
|
-
// g:= array<EdgeFindTokenSet>
|
1752
|
-
{
|
1753
|
-
BSON_ASSERT(placeholder->sparsity >= 0 && (uint64_t)placeholder->sparsity <= (uint64_t)SIZE_MAX);
|
1754
|
-
mincover =
|
1755
|
-
mc_get_mincover_from_FLE2RangeFindSpec(&findSpec, (size_t)placeholder->sparsity, status, use_range_v2);
|
1756
|
-
if (!mincover) {
|
1757
|
-
goto fail;
|
1758
|
-
}
|
1759
|
-
|
1760
|
-
for (size_t i = 0; i < mc_mincover_len(mincover); i++) {
|
1761
|
-
// Create a EdgeFindTokenSet from each edge.
|
1762
|
-
bool loop_ok = false;
|
1763
|
-
const char *edge = mc_mincover_get(mincover, i);
|
1764
|
-
_mongocrypt_buffer_t edge_buf = {0};
|
1765
|
-
_FLE2EncryptedPayloadCommon_t edge_tokens = {{0}};
|
1766
|
-
mc_EdgeFindTokenSetV2_t eftc = {{0}};
|
1767
|
-
|
1768
|
-
if (!_mongocrypt_buffer_from_string(&edge_buf, edge)) {
|
1769
|
-
CLIENT_ERR("failed to copy edge to buffer");
|
1770
|
-
goto fail_loop;
|
1771
|
-
}
|
1772
|
-
|
1773
|
-
if (!_mongocrypt_fle2_placeholder_common(kb,
|
1774
|
-
&edge_tokens,
|
1775
|
-
&placeholder->index_key_id,
|
1776
|
-
&edge_buf,
|
1777
|
-
false, /* derive tokens without using contentionFactor */
|
1778
|
-
placeholder->maxContentionFactor, /* ignored */
|
1779
|
-
status)) {
|
1780
|
-
goto fail_loop;
|
1781
|
-
}
|
1782
|
-
|
1783
|
-
// d := EDCDerivedToken
|
1784
|
-
_mongocrypt_buffer_steal(&eftc.edcDerivedToken, &edge_tokens.edcDerivedToken);
|
1785
|
-
// s := ESCDerivedToken
|
1786
|
-
_mongocrypt_buffer_steal(&eftc.escDerivedToken, &edge_tokens.escDerivedToken);
|
1787
|
-
|
1788
|
-
// l := serverDerivedFromDataToken
|
1789
|
-
_mongocrypt_buffer_steal(&eftc.serverDerivedFromDataToken, &edge_tokens.serverDerivedFromDataToken);
|
1790
|
-
|
1791
|
-
_mc_array_append_val(&payload.payload.value.edgeFindTokenSetArray, eftc);
|
1792
|
-
|
1793
|
-
loop_ok = true;
|
1794
|
-
fail_loop:
|
1795
|
-
_FLE2EncryptedPayloadCommon_cleanup(&edge_tokens);
|
1796
|
-
_mongocrypt_buffer_cleanup(&edge_buf);
|
1797
|
-
if (!loop_ok) {
|
1798
|
-
goto fail;
|
1799
|
-
}
|
1800
|
-
}
|
1801
|
-
}
|
1802
|
-
payload.payload.set = true;
|
1803
|
-
|
1804
|
-
if (use_range_v2) {
|
1805
|
-
// Include "range" payload fields introduced in SERVER-91889.
|
1806
|
-
payload.sparsity = OPT_I64(placeholder->sparsity);
|
1807
|
-
payload.precision = findSpec.edgesInfo.value.precision;
|
1808
|
-
payload.trimFactor = OPT_I32(mc_mincover_get_used_trimFactor(mincover));
|
1809
|
-
bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMin), &payload.indexMin);
|
1810
|
-
bson_value_copy(bson_iter_value(&findSpec.edgesInfo.value.indexMax), &payload.indexMax);
|
1811
|
-
}
|
1991
|
+
if (!_fle2_generate_TextSearchFindTokenSets(kb, &payload.tokenSets, &placeholder->index_key_id, &spec, status)) {
|
1992
|
+
goto fail;
|
1812
1993
|
}
|
1813
1994
|
|
1814
|
-
payload.
|
1815
|
-
payload.
|
1816
|
-
payload.
|
1995
|
+
payload.caseFold = spec.casef;
|
1996
|
+
payload.diacriticFold = spec.diacf;
|
1997
|
+
payload.maxContentionFactor = placeholder->maxContentionFactor;
|
1998
|
+
if (spec.substr.set) {
|
1999
|
+
payload.substringSpec.set = true;
|
2000
|
+
payload.substringSpec.value = spec.substr.value;
|
2001
|
+
} else if (spec.suffix.set) {
|
2002
|
+
payload.suffixSpec.set = true;
|
2003
|
+
payload.suffixSpec.value = spec.suffix.value;
|
2004
|
+
} else if (spec.prefix.set) {
|
2005
|
+
payload.prefixSpec.set = true;
|
2006
|
+
payload.prefixSpec.value = spec.prefix.value;
|
2007
|
+
}
|
1817
2008
|
|
1818
2009
|
// Serialize.
|
1819
2010
|
{
|
1820
2011
|
bson_t out = BSON_INITIALIZER;
|
1821
|
-
|
2012
|
+
mc_FLE2FindTextPayload_serialize(&payload, &out);
|
1822
2013
|
_mongocrypt_buffer_steal_from_bson(&ciphertext->data, &out);
|
1823
2014
|
}
|
1824
|
-
_mongocrypt_buffer_steal(&ciphertext->key_id, &placeholder->index_key_id);
|
1825
2015
|
|
1826
2016
|
// Do not set ciphertext->original_bson_type and ciphertext->key_id. They are
|
1827
|
-
// not used for
|
1828
|
-
ciphertext->blob_subtype =
|
2017
|
+
// not used for FLE2FindTextPayload.
|
2018
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2FindTextPayload;
|
1829
2019
|
|
1830
2020
|
res = true;
|
1831
|
-
fail:
|
1832
|
-
mc_mincover_destroy(mincover);
|
1833
|
-
mc_FLE2FindRangePayloadV2_cleanup(&payload);
|
1834
|
-
_mongocrypt_buffer_cleanup(&tokenKey);
|
1835
2021
|
|
2022
|
+
fail:
|
2023
|
+
mc_FLE2FindTextPayload_cleanup(&payload);
|
1836
2024
|
return res;
|
1837
2025
|
}
|
1838
2026
|
|
@@ -1845,7 +2033,7 @@ static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocr
|
|
1845
2033
|
BSON_ASSERT_PARAM(ciphertext);
|
1846
2034
|
|
1847
2035
|
_mongocrypt_buffer_t plaintext = {0};
|
1848
|
-
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->fle2;
|
2036
|
+
mc_FLE2EncryptionPlaceholder_t *placeholder = &marking->u.fle2;
|
1849
2037
|
_mongocrypt_buffer_t user_key = {0};
|
1850
2038
|
bool res = false;
|
1851
2039
|
|
@@ -1860,25 +2048,14 @@ static bool _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(_mongocr
|
|
1860
2048
|
}
|
1861
2049
|
|
1862
2050
|
BSON_ASSERT(kb->crypt);
|
1863
|
-
|
1864
|
-
|
1865
|
-
|
1866
|
-
|
1867
|
-
|
1868
|
-
|
1869
|
-
|
1870
|
-
|
1871
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
|
1872
|
-
} else {
|
1873
|
-
res = mc_FLE2UnindexedEncryptedValue_encrypt(kb->crypt->crypto,
|
1874
|
-
&placeholder->user_key_id,
|
1875
|
-
bson_iter_type(&placeholder->v_iter),
|
1876
|
-
&plaintext,
|
1877
|
-
&user_key,
|
1878
|
-
&ciphertext->data,
|
1879
|
-
status);
|
1880
|
-
ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValue;
|
1881
|
-
}
|
2051
|
+
res = mc_FLE2UnindexedEncryptedValueV2_encrypt(kb->crypt->crypto,
|
2052
|
+
&placeholder->user_key_id,
|
2053
|
+
bson_iter_type(&placeholder->v_iter),
|
2054
|
+
&plaintext,
|
2055
|
+
&user_key,
|
2056
|
+
&ciphertext->data,
|
2057
|
+
status);
|
2058
|
+
ciphertext->blob_subtype = MC_SUBTYPE_FLE2UnindexedEncryptedValueV2;
|
1882
2059
|
|
1883
2060
|
if (!res) {
|
1884
2061
|
goto fail;
|
@@ -1922,12 +2099,13 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
|
|
1922
2099
|
_mongocrypt_buffer_init(&key_id);
|
1923
2100
|
_mongocrypt_buffer_init(&key_material);
|
1924
2101
|
|
1925
|
-
/* Get the decrypted key for this marking. */
|
2102
|
+
/* Get the decrypted key for this marking.u.fle1. */
|
1926
2103
|
if (marking->type == MONGOCRYPT_MARKING_FLE1_BY_ALTNAME) {
|
1927
|
-
key_found =
|
1928
|
-
|
1929
|
-
|
1930
|
-
|
2104
|
+
key_found =
|
2105
|
+
_mongocrypt_key_broker_decrypted_key_by_name(kb, &marking->u.fle1.key_alt_name, &key_material, &key_id);
|
2106
|
+
} else if (!_mongocrypt_buffer_empty(&marking->u.fle1.key_id)) {
|
2107
|
+
key_found = _mongocrypt_key_broker_decrypted_key_by_id(kb, &marking->u.fle1.key_id, &key_material);
|
2108
|
+
_mongocrypt_buffer_copy_to(&marking->u.fle1.key_id, &key_id);
|
1931
2109
|
} else {
|
1932
2110
|
CLIENT_ERR("marking must have either key_id or key_alt_name");
|
1933
2111
|
goto fail;
|
@@ -1938,11 +2116,11 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
|
|
1938
2116
|
goto fail;
|
1939
2117
|
}
|
1940
2118
|
|
1941
|
-
ciphertext->original_bson_type = (uint8_t)bson_iter_type(&marking->v_iter);
|
1942
|
-
if (marking->algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_DETERMINISTIC) {
|
2119
|
+
ciphertext->original_bson_type = (uint8_t)bson_iter_type(&marking->u.fle1.v_iter);
|
2120
|
+
if (marking->u.fle1.algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_DETERMINISTIC) {
|
1943
2121
|
ciphertext->blob_subtype = MC_SUBTYPE_FLE1DeterministicEncryptedValue;
|
1944
2122
|
} else {
|
1945
|
-
BSON_ASSERT(marking->algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_RANDOM);
|
2123
|
+
BSON_ASSERT(marking->u.fle1.algorithm == MONGOCRYPT_ENCRYPTION_ALGORITHM_RANDOM);
|
1946
2124
|
ciphertext->blob_subtype = MC_SUBTYPE_FLE1RandomEncryptedValue;
|
1947
2125
|
}
|
1948
2126
|
_mongocrypt_buffer_copy_to(&key_id, &ciphertext->key_id);
|
@@ -1951,7 +2129,7 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
|
|
1951
2129
|
goto fail;
|
1952
2130
|
}
|
1953
2131
|
|
1954
|
-
_mongocrypt_buffer_from_iter(&plaintext, &marking->v_iter);
|
2132
|
+
_mongocrypt_buffer_from_iter(&plaintext, &marking->u.fle1.v_iter);
|
1955
2133
|
ciphertext->data.len = fle1->get_ciphertext_len(plaintext.len, status);
|
1956
2134
|
if (ciphertext->data.len == 0) {
|
1957
2135
|
goto fail;
|
@@ -1962,7 +2140,7 @@ static bool _mongocrypt_fle1_marking_to_ciphertext(_mongocrypt_key_broker_t *kb,
|
|
1962
2140
|
ciphertext->data.owned = true;
|
1963
2141
|
|
1964
2142
|
BSON_ASSERT(kb->crypt);
|
1965
|
-
switch (marking->algorithm) {
|
2143
|
+
switch (marking->u.fle1.algorithm) {
|
1966
2144
|
case MONGOCRYPT_ENCRYPTION_ALGORITHM_DETERMINISTIC:
|
1967
2145
|
/* Use deterministic encryption. */
|
1968
2146
|
_mongocrypt_buffer_resize(&iv, MONGOCRYPT_IV_LEN);
|
@@ -2037,11 +2215,11 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
|
|
2037
2215
|
|
2038
2216
|
switch (marking->type) {
|
2039
2217
|
case MONGOCRYPT_MARKING_FLE2_ENCRYPTION:
|
2040
|
-
switch (marking->fle2.algorithm) {
|
2218
|
+
switch (marking->u.fle2.algorithm) {
|
2041
2219
|
case MONGOCRYPT_FLE2_ALGORITHM_UNINDEXED:
|
2042
2220
|
return _mongocrypt_fle2_placeholder_to_FLE2UnindexedEncryptedValue(kb, marking, ciphertext, status);
|
2043
2221
|
case MONGOCRYPT_FLE2_ALGORITHM_RANGE:
|
2044
|
-
switch (marking->fle2.type) {
|
2222
|
+
switch (marking->u.fle2.type) {
|
2045
2223
|
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
|
2046
2224
|
return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForRange(kb,
|
2047
2225
|
marking,
|
@@ -2049,17 +2227,28 @@ bool _mongocrypt_marking_to_ciphertext(void *ctx,
|
|
2049
2227
|
status);
|
2050
2228
|
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
|
2051
2229
|
return _mongocrypt_fle2_placeholder_to_find_ciphertextForRange(kb, marking, ciphertext, status);
|
2052
|
-
default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
|
2230
|
+
default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->u.fle2.type); return false;
|
2053
2231
|
}
|
2054
2232
|
case MONGOCRYPT_FLE2_ALGORITHM_EQUALITY:
|
2055
|
-
switch (marking->fle2.type) {
|
2233
|
+
switch (marking->u.fle2.type) {
|
2056
2234
|
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
|
2057
2235
|
return _mongocrypt_fle2_placeholder_to_insert_update_ciphertext(kb, marking, ciphertext, status);
|
2058
2236
|
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
|
2059
2237
|
return _mongocrypt_fle2_placeholder_to_find_ciphertext(kb, marking, ciphertext, status);
|
2060
|
-
default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->fle2.type); return false;
|
2238
|
+
default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->u.fle2.type); return false;
|
2239
|
+
}
|
2240
|
+
case MONGOCRYPT_FLE2_ALGORITHM_TEXT_SEARCH:
|
2241
|
+
switch (marking->u.fle2.type) {
|
2242
|
+
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_INSERT:
|
2243
|
+
return _mongocrypt_fle2_placeholder_to_insert_update_ciphertextForTextSearch(kb,
|
2244
|
+
marking,
|
2245
|
+
ciphertext,
|
2246
|
+
status);
|
2247
|
+
case MONGOCRYPT_FLE2_PLACEHOLDER_TYPE_FIND:
|
2248
|
+
return _mongocrypt_fle2_placeholder_to_find_ciphertextForTextSearch(kb, marking, ciphertext, status);
|
2249
|
+
default: CLIENT_ERR("unexpected fle2 type: %d", (int)marking->u.fle2.type); return false;
|
2061
2250
|
}
|
2062
|
-
default: CLIENT_ERR("unexpected algorithm: %d", (int)marking->algorithm); return false;
|
2251
|
+
default: CLIENT_ERR("unexpected algorithm: %d", (int)marking->u.fle1.algorithm); return false;
|
2063
2252
|
}
|
2064
2253
|
case MONGOCRYPT_MARKING_FLE1_BY_ID:
|
2065
2254
|
case MONGOCRYPT_MARKING_FLE1_BY_ALTNAME:
|